CVE-2013-2266
Published: 26 March 2013
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Notes
Author | Note |
---|---|
seth-arnold | No patch will be provided for 9.7. The suggested workaround is re-compile without regex support. |
Priority
Status
Package | Release | Status |
---|---|---|
bind9 Launchpad, Ubuntu, Debian |
upstream |
Released
(9.8.4-P2, 9.9.2-P2)
|
hardy |
Not vulnerable
(1:9.4.2.dfsg.P2-2ubuntu0.12)
|
|
lucid |
Released
(1:9.7.0.dfsg.P1-1ubuntu0.9)
|
|
oneiric |
Released
(1:9.7.3.dfsg-1ubuntu4.6)
|
|
precise |
Released
(1:9.8.1.dfsg.P1-4ubuntu0.6)
|
|
quantal |
Released
(1:9.8.1.dfsg.P1-4.2ubuntu3.2)
|