Denial of service vulnerability in the ISC BIND via a crafted regular expressionID: oval:org.secpod.oval:def:15470 | Date: (C)2013-09-20 (M)2023-12-07 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X Lion 10.7 through 10.7.5, Mac OS X Mountain Lion 10.8 through 10.8.4 and is prone to denial of service vulnerability. The flaw is present in the libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms, which fails to handle a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. Successful exploitation could allows remote attackers to cause a denial of service (memory consumption).
Platform: |
Apple Mac OS X 10.7 |
Apple Mac OS X Server 10.7 |
Apple Mac OS X 10.8 |
Apple Mac OS X Server 10.8 |