CVE-2014-3859

Publication date 13 June 2014

Last updated 24 July 2024

Ubuntu priority

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
bind9	14.04 LTS trusty	Not affected
	13.10 saucy	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

only affected 9.10+

References

MITRE
NVD
Launchpad
Debian

Other references

https://kb.isc.org/article/AA-01166/74/CVE-2014-3859%3A-BIND-named-can-crash-due-to-a-defect-in-EDNS-printing-processing.html
https://www.cve.org/CVERecord?id=CVE-2014-3859