CVE-2014-8500 Detail Modified This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Current Description ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

View Analysis Description Analysis Description ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: N/A NVD score not yet provided. CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 7.8 HIGH Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C) Weakness Enumeration CWE-ID CWE Name Source CWE-399 Resource Management Errors NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 18 change records found show changes CVE Modified by MITRE 7/30/2019 2:15:12 PM Action Type Old Value New Value Added Reference https://security.netapp.com/advisory/ntap-20190730-0002/ [No Types Assigned]



CVE Modified by MITRE 1/02/2017 9:59:19 PM Action Type Old Value New Value Added Reference http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-002.txt.asc [No Types Assigned]



Added Reference http://secunia.com/advisories/62064 [No Types Assigned]



Added Reference http://secunia.com/advisories/62122 [No Types Assigned]



CVE Modified by MITRE 12/27/2016 9:59:01 PM Action Type Old Value New Value Added Reference http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html [No Types Assigned]



CVE Modified by MITRE 12/07/2016 10:6:21 PM Action Type Old Value New Value Added Reference http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10676 [No Types Assigned]



CVE Modified by MITRE 12/05/2016 9:59:24 PM Action Type Old Value New Value Added Reference http://rhn.redhat.com/errata/RHSA-2016-0078.html [No Types Assigned]



CVE Modified by Source 10/25/2016 10:0:42 PM Action Type Old Value New Value Added Reference http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html



CVE Modified by Source 9/08/2016 9:59:51 PM Action Type Old Value New Value Added Reference http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html



CVE Modified by Source 8/22/2016 10:8:41 PM Action Type Old Value New Value Added Reference http://marc.info/?l=bugtraq&m=144000632319155&w=2



CVE Modified by Source 9/18/2015 9:59:46 PM Action Type Old Value New Value Added Reference http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html



Added Reference https://support.apple.com/HT205219



CVE Modified by Source 4/01/2015 9:59:38 PM Action Type Old Value New Value Added Reference http://advisories.mageia.org/MGASA-2014-0524.html



Added Reference http://www.mandriva.com/security/advisories?name=MDVSA-2015:165



CVE Modified by Source 3/17/2015 10:2:52 PM Action Type Old Value New Value Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00009.html



Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00013.html



CVE Modified by Source 3/16/2015 10:1:14 PM Action Type Old Value New Value Added Reference http://marc.info/?l=bugtraq&m=142180687100892&w=2



CVE Modified by Source 2/26/2015 9:59:08 PM Action Type Old Value New Value Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00001.html



Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00017.html



CVE Modified by Source 2/20/2015 10:1:37 PM Action Type Old Value New Value Added Reference http://security.gentoo.org/glsa/glsa-201502-03.xml



Modified Analysis 12/16/2014 10:4:06 PM Action Type Old Value New Value Changed Reference Type http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html No Types Assigned



http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html Advisory



Changed Reference Type http://www.kb.cert.org/vuls/id/264212 US Govt Resource



http://www.kb.cert.org/vuls/id/264212 Advisory, US Govt Resource



CVE Modified by Source 12/11/2014 10:4:05 PM Action Type Old Value New Value Added Reference http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html



Added Reference http://www.kb.cert.org/vuls/id/264212



Modified Analysis 12/11/2014 8:46:51 PM Action Type Old Value New Value Added CPE Configuration Record truncated, showing 500 of 3163 characters.

View Entire Change Record

Configuration 1 OR *cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.0.1:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.1:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.1.1:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.1.2:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.1.3:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.2:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.2.0:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9.2.1:*:*:*:*:*:*:* *cpe:2.3:a:isc:bind:9. Added CVSS V2 (AV:N/AC:L/Au:N/C:N/I:N/A:C)



Added CWE CWE-399



Changed Reference Type http://ubuntu.com/usn/usn-2437-1 No Types Assigned



http://ubuntu.com/usn/usn-2437-1 Advisory, Patch



Changed Reference Type http://www.debian.org/security/2014/dsa-3094 No Types Assigned



http://www.debian.org/security/2014/dsa-3094 Advisory



Changed Reference Type https://kb.isc.org/article/AA-01216/ No Types Assigned



https://kb.isc.org/article/AA-01216/ Advisory



Initial CVE Analysis 12/11/2014 3:57:26 PM Action Type Old Value New Value Quick Info CVE Dictionary Entry:

CVE-2014-8500

NVD Published Date:

12/10/2014

NVD Last Modified:

01/02/2017

Source:

MITRE

