FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-2266

This CVE name corresponds to:

Entered Topic
2013-04-02 FreeBSD -- BIND remote denial of service
2013-03-27 dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2013-2266
Phase Assigned(20130221)

Description

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

References

Source Reference
CONFIRM http://www.isc.org/software/bind/advisories/cve-2013-2266
CONFIRM https://kb.isc.org/article/AA-00871/
CONFIRM https://kb.isc.org/article/AA-00879/
CONFIRM http://support.apple.com/kb/HT5880
APPLE APPLE-SA-2013-09-12-1
DEBIAN DSA-2656
FEDORA FEDORA-2013-4525
FEDORA FEDORA-2013-4533
HP HPSBUX02876
HP SSRT101148
REDHAT RHSA-2013:0690
REDHAT RHSA-2013:0689
UBUNTU USN-1783-1
OVAL oval:org.mitre.oval:def:19579