CVE-2014-8680 — MEDIUM (5.4)

Vulnerability Description

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:N/I:N/A:C

Confidentiality

NONE

Integrity

NONE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Isc	Bind	9.10.0

Related Weaknesses (CWE)

CWE-20 CWE-284

References

http://security.gentoo.org/glsa/glsa-201502-03.xmlThird Party Advisory
https://kb.isc.org/article/AA-01217Vendor Advisory
https://security.netapp.com/advisory/ntap-20190730-0002/
http://security.gentoo.org/glsa/glsa-201502-03.xmlThird Party Advisory
https://kb.isc.org/article/AA-01217Vendor Advisory
https://security.netapp.com/advisory/ntap-20190730-0002/

FAQ

What is CVE-2014-8680?

CVE-2014-8680 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases...

How severe is CVE-2014-8680?

CVE-2014-8680 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-8680?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind.