Launchpad CVE tracker

CVE 2013-2266

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

Related bugs and status

CVE-2013-2266 (Candidate) is related to these bugs:

Bug #1161794: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named

Summary				In	Importance	Status
	1161794	CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named		bind9 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.isc.org/sof...
CONFIRM: https://kb.isc.org/art...
CONFIRM: https://kb.isc.org/art...
DEBIAN: DSA-2656
REDHAT: RHSA-2013:0690
REDHAT: RHSA-2013:0689
UBUNTU: USN-1783-1
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2013-09-12-1
FEDORA: FEDORA-2013-4525
FEDORA: FEDORA-2013-4533
CONFIRM: http://linux.oracle.co...
BID: 58736
HP: HPSBUX02876
HP: SSRT101148
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2013-2266

Related bugs and status

Related bugs

References