Input validation error in ISC BIND - CVE-2015-8705

 

Input validation error in ISC BIND - CVE-2015-8705

Published: January 20, 2016 / Updated: July 27, 2020


Vulnerability identifier: #VU31953
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-8705
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ISC
Affected software:
ISC BIND

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to #BASIC_IMPACT#.

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.


How to mitigate CVE-2015-8705

Install update from vendor's website.

Sources