CVE-2011-4313
bind9 - improper assert
EPSS 8.7%
Description
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
How to fix CVE-2011-4313
To remediate CVE-2011-4313, upgrade the affected package to one of the fixed versions listed below.
- Debian/bind9—upgrade to 1:9.8.1.dfsg.P1-1 or later
- Debian/bind9—upgrade to 1:9.6.ESV.R4+dfsg-0+lenny4 or later
Is CVE-2011-4313 being exploited?
Moderate: EPSS is 8.7%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 1:9.8.1.dfsg.P1-1
- from 0, < 1:9.6.ESV.R4+dfsg-0+lenny4