CVE-2015-8705
Published: 19 January 2016
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
Notes
Author | Note |
---|---|
tyhicks | Versions affected are 9.10.0 through 9.10.3-P2 |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.0 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |