CVE-2013-4854 is a low-severity vulnerability with a CVSS score of 0.0. There are currently no known exploits, and patches are available. This is classified as a zero-day vulnerability.
Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.
Very high probability of exploitation in the next 30 days
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
| Vendor | Product |
|---|---|
| ISC | BIND |
| Slackware | Slackware Linux |
| FreeBSD | FreeBSD |
| Mandriva | Business Server |
| ISC | DNSco BIND |
| Novell | SUSE Linux |
| SUSE | SUSE Linux Enterprise Software Development Kit |
| Red Hat | Enterprise Linux |
| Fedora Project | Fedora |
| HP | HP-UX |
And 2 more...