HIGH✓ PATCH🇬🇧 English

CVE-2015-4620

CVSS 7.8v2.0pub. 2015-07-08upd. 2026-05-06

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Isc Bind

    APP
    Isc
    9.10.09.10.19.10.29.7.09.7.19.7.29.7.39.7.49.7.59.7.69.7.79.8.09.8.19.8.29.8.3+ 11 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-5947HIGH7.5ten sam produkt

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives...

CVE-2026-3039HIGH7.5ten sam produkt

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessi...

CVE-2026-3593HIGH7.4ten sam produkt

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 vers...

CVE-2026-5946HIGH7.5ten sam produkt

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Inte...

CVE-2026-3104HIGH7.5ten sam produkt

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domai...