CVE-2013-2266
Last modified
CVE-2013-2266 is a vulnerability of currently unknown severity. libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.. EPSS estimates a 42.85% chance of exploitation in the next 30 days.
Description
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Isc | Bind | 9.9.0 | — |
| Isc | Bind | 9.9.1 | — |
| Isc | Bind | 9.9.2 | — |
| Isc | Bind | 9.9.3 | — |
| Isc | Bind | 9.7.0 | — |
| Isc | Bind | 9.7.1 | — |
| Isc | Bind | 9.7.2 | — |
| Isc | Bind | 9.7.3 | — |
| Isc | Bind | 9.7.4 | — |
| Isc | Bind | 9.7.5 | — |
| Isc | Bind | 9.7.6 | — |
| Isc | Bind | 9.8.0 | — |
| Isc | Bind | 9.8.1 | — |
| Isc | Bind | 9.8.2 | B1 |
| Isc | Bind | 9.8.3 | — |
| Isc | Bind | 9.8.4 | — |
| Isc | Bind | 9.8.5 | — |
References
- http://www.isc.org/software/bind/advisories/cve-2013-2266Vendor Advisory
- https://kb.isc.org/article/AA-00879/Vendor Advisory
- http://www.isc.org/software/bind/advisories/cve-2013-2266Vendor Advisory
- https://kb.isc.org/article/AA-00879/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-2266?
How severe is CVE-2013-2266?
How do I fix CVE-2013-2266?
Are you affected by CVE-2013-2266?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST