CVE-2013-4854
bind9 - denial of service
EPSS 51.1%
Description
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
How to fix CVE-2013-4854
To remediate CVE-2013-4854, upgrade the affected package to a fixed version below.
- Debian/bind9—upgrade to 1:9.8.4.dfsg.P1-6+nmu3 or later
- —upgrade to 1:9.7.3.dfsg-1~squeeze11 or later
Is CVE-2013-4854 being exploited?
Likely — EPSS is 51.1%, placing CVE-2013-4854 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 1:9.8.4.dfsg.P1-6+nmu3
- from 0, < 1:9.7.3.dfsg-1~squeeze11