CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

CVSS v2.0 5.4 MEDIUM

5.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:C

Exploitability : 4.9 / Impact : 6.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://security.gentoo.org/glsa/glsa-201502-03.xml	Third Party Advisory
https://kb.isc.org/article/AA-01217	Vendor Advisory
https://security.netapp.com/advisory/ntap-20190730-0002/
http://security.gentoo.org/glsa/glsa-201502-03.xml	Third Party Advisory
https://kb.isc.org/article/AA-01217	Vendor Advisory
https://security.netapp.com/advisory/ntap-20190730-0002/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:9.10.0:::::::*
	cpe:2.3:a:isc:bind:9.10.1:::::::*

History

21 Nov 2024, 02:19

Type	Values Removed	Values Added
References	~~() http://security.gentoo.org/glsa/glsa-201502-03.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-201502-03.xml - Third Party Advisory
References	~~() https://kb.isc.org/article/AA-01217 - Vendor Advisory~~	() https://kb.isc.org/article/AA-01217 - Vendor Advisory
References	~~() https://security.netapp.com/advisory/ntap-20190730-0002/ -~~	() https://security.netapp.com/advisory/ntap-20190730-0002/ -

Information

Published : 2014-12-11 02:59

Updated : 2024-11-21 02:19

NVD link : CVE-2014-8680

Mitre link : CVE-2014-8680

CVE.ORG link : CVE-2014-8680

JSON object : View

Products Affected

isc

bind

CWE

CWE-20

Improper Input Validation

CWE-284

Improper Access Control

{"id": "CVE-2014-8680", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-11T02:59:05.530", "references": [{"url": "http://security.gentoo.org/glsa/glsa-201502-03.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://kb.isc.org/article/AA-01217", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190730-0002/", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201502-03.xml", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://kb.isc.org/article/AA-01217", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20190730-0002/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options."}, {"lang": "es", "value": "La funcionalidad GeoIP en ISC BIND 9.10.0 hasta 9.10.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida nombrada) a trav\u00e9s de vectores relacionados con (1) la falta de bases de datos GeoIP para IPv4 y IPv6, o (2) el soporte IPv6 con ciertas opciones."}], "lastModified": "2024-11-21T02:19:34.987", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92ECA27E-4248-49BD-A84C-4854CCA19AC5"}, {"criteria": "cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16EB6777-8E49-4B07-B859-06D0C2F29DC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}