1. Home
  2. CVE Database
  3. CVE-2015-1349
MEDIUM · 5.4

CVE-2015-1349

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service...

Vulnerability Description

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

CVSS Score

5.4

MEDIUM

AV:N/AC:H/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
IscBind9.7.0

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2015-1349?

CVE-2015-1349 is a vulnerability with a CVSS score of 5.4 (MEDIUM). named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service...

How severe is CVE-2015-1349?

CVE-2015-1349 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1349?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind.