CVE-2013-4854 [高] | Denial of Service（Bind）

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2026-04-18	53.70%	51.15%	-2.55%
2	2026-03-04	40.11%	53.70%	+13.59%
3	2026-03-01	—	40.11%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2026-04-18

53.70%

51.15%

-2.55%

2026-03-04

40.11%

53.70%

+13.59%

2026-03-01

—

40.11%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
7.8	2.0	HIGH	`AV:N/AC:L/Au:N/C:N/I:N/A:C` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:L) 手順が短く、再現性が高い。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:N) 機密性は損なわれない。完全性への影響 (I:N) 完全性は損なわれない。可用性への影響 (A:C) 可用性は全面的に損なわれる。	10.0	6.9	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

7.8

2.0

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:L): 手順が短く、再現性が高い。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:N): 機密性は損なわれない。
完全性への影響 (I:N): 完全性は損なわれない。
可用性への影響 (A:C): 可用性は全面的に損なわれる。

10.0

6.9

[email protected]

CVE-2013-4854 の OS トラッカー

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2013-4854 not yet assigned priority: Debian including 1 source packages (bind9), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2013-4854
`gentoo`	normal	CVE-2013-4854: 1 GLSA(s) (201401-34), 1 atom(s) (net-dns/bind); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2013-4854
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2013-4854
`suse`	medium	CVE-2013-4854 severity moderate: SUSE including 155 source package names (bind-9.10.3P4-21.1, bind-9.11.2-1.24, …), 242 product×package rows across 38 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (38 product lines)): Fixed 242.	https://www.suse.com/security/cve/CVE-2013-4854/
`ubuntu`	high	CVE-2013-4854 high priority: Ubuntu including 1 source packages (bind9), 5 status rows across 5 suites (lucid, precise, quantal, raring, upstream): released 5.	https://ubuntu.com/security/CVE-2013-4854

CVE-2013-4854 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:::::::*
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:b1::::::
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:p1::::::
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:p2::::::
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:rc1::::::
isc	bind	9.7.0	cpe:2.3:a:isc:bind:9.7.0:rc2::::::
isc	bind	9.7.1	cpe:2.3:a:isc:bind:9.7.1:::::::*
isc	bind	9.7.1	cpe:2.3:a:isc:bind:9.7.1:p1::::::
isc	bind	9.7.1	cpe:2.3:a:isc:bind:9.7.1:p2::::::
isc	bind	9.7.1	cpe:2.3:a:isc:bind:9.7.1:rc1::::::
isc	bind	9.7.2	cpe:2.3:a:isc:bind:9.7.2:::::::*
isc	bind	9.7.2	cpe:2.3:a:isc:bind:9.7.2:p1::::::
isc	bind	9.7.2	cpe:2.3:a:isc:bind:9.7.2:p2::::::
isc	bind	9.7.2	cpe:2.3:a:isc:bind:9.7.2:p3::::::
isc	bind	9.7.2	cpe:2.3:a:isc:bind:9.7.2:rc1::::::
isc	bind	9.7.3	cpe:2.3:a:isc:bind:9.7.3:::::::*
isc	bind	9.7.3	cpe:2.3:a:isc:bind:9.7.3:b1::::::
isc	bind	9.7.3	cpe:2.3:a:isc:bind:9.7.3:p1::::::
isc	bind	9.7.3	cpe:2.3:a:isc:bind:9.7.3:rc1::::::
isc	bind	9.7.4	cpe:2.3:a:isc:bind:9.7.4:::::::*
isc	bind	9.7.4	cpe:2.3:a:isc:bind:9.7.4:b1::::::
isc	bind	9.7.4	cpe:2.3:a:isc:bind:9.7.4:p1::::::
isc	bind	9.7.4	cpe:2.3:a:isc:bind:9.7.4:rc1::::::
isc	bind	9.7.5	cpe:2.3:a:isc:bind:9.7.5:::::::*
isc	bind	9.7.5	cpe:2.3:a:isc:bind:9.7.5:b1::::::
isc	bind	9.7.5	cpe:2.3:a:isc:bind:9.7.5:rc1::::::
isc	bind	9.7.5	cpe:2.3:a:isc:bind:9.7.5:rc2::::::
isc	bind	9.7.6	cpe:2.3:a:isc:bind:9.7.6:::::::*
isc	bind	9.7.6	cpe:2.3:a:isc:bind:9.7.6:p1::::::
isc	bind	9.7.6	cpe:2.3:a:isc:bind:9.7.6:p2::::::
isc	bind	9.7.7	cpe:2.3:a:isc:bind:9.7.7:::::::*
suse	suse_linux_enterprise_software_development_kit	11.0	cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp2::::::
suse	suse_linux_enterprise_software_development_kit	11.0	cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:11.0:sp3::::::
novell	suse_linux	11	cpe:2.3:o:novell:suse_linux:11::server:::::
isc	dnsco_bind	9.9.3	cpe:2.3:a:isc:dnsco_bind:9.9.3:s1::::::
isc	dnsco_bind	9.9.4	cpe:2.3:a:isc:dnsco_bind:9.9.4:s1b1::::::
opensuse	opensuse	11.4	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:::::::*
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:a1::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:a2::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:a3::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:b1::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:b2::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:rc1::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:rc2::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:rc3::::::
isc	bind	9.9.0	cpe:2.3:a:isc:bind:9.9.0:rc4::::::
isc	bind	9.9.1	cpe:2.3:a:isc:bind:9.9.1:::::::*
isc	bind	9.9.1	cpe:2.3:a:isc:bind:9.9.1:p1::::::
isc	bind	9.9.1	cpe:2.3:a:isc:bind:9.9.1:p2::::::
isc	bind	9.9.2	cpe:2.3:a:isc:bind:9.9.2:::::::*
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:::::::*
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:b1::::::
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:b2::::::
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:p1::::::
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:rc1::::::
isc	bind	9.9.3	cpe:2.3:a:isc:bind:9.9.3:rc2::::::
freebsd	freebsd	8.0	cpe:2.3:o:freebsd:freebsd:8.0:::::::*
freebsd	freebsd	8.1	cpe:2.3:o:freebsd:freebsd:8.1:::::::*
freebsd	freebsd	8.2	cpe:2.3:o:freebsd:freebsd:8.2:::::::*
freebsd	freebsd	8.3	cpe:2.3:o:freebsd:freebsd:8.3:::::::*
freebsd	freebsd	8.4	cpe:2.3:o:freebsd:freebsd:8.4:::::::*
freebsd	freebsd	9.0	cpe:2.3:o:freebsd:freebsd:9.0:::::::*
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:::::::*
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:p4::::::
freebsd	freebsd	9.1	cpe:2.3:o:freebsd:freebsd:9.1:p5::::::
freebsd	freebsd	9.2	cpe:2.3:o:freebsd:freebsd:9.2:prerelease::::::
freebsd	freebsd	9.2	cpe:2.3:o:freebsd:freebsd:9.2:rc1::::::
freebsd	freebsd	9.2	cpe:2.3:o:freebsd:freebsd:9.2:rc2::::::
mandriva	business_server	1.0	cpe:2.3:o:mandriva:business_server:1.0:::::::*
mandriva	enterprise_server	5.0	cpe:2.3:o:mandriva:enterprise_server:5.0:::::::*
redhat	enterprise_linux	5	cpe:2.3:o:redhat:enterprise_linux:5:::::::*
redhat	enterprise_linux	6.0	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:::::::*
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:a1::::::
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:b1::::::
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:p1::::::
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:p2::::::
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:p4::::::
isc	bind	9.8.0	cpe:2.3:a:isc:bind:9.8.0:rc1::::::

CVE-2013-4854 の参考情報

URL	タグ
http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://linux.oracle.com/errata/ELSA-2014-1244
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html	Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1114.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1115.html	Vendor Advisory
http://secunia.com/advisories/54134	Vendor Advisory
http://secunia.com/advisories/54185	Vendor Advisory
http://secunia.com/advisories/54207	Vendor Advisory
http://secunia.com/advisories/54211	Vendor Advisory
http://secunia.com/advisories/54323	Vendor Advisory
http://secunia.com/advisories/54432	Vendor Advisory
http://www.debian.org/security/2013/dsa-2728
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc	Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2013:202	Vendor Advisory
http://www.securityfocus.com/bid/61479
http://www.securitytracker.com/id/1028838
http://www.ubuntu.com/usn/USN-1910-1
http://www.zerodayinitiative.com/advisories/ZDI-13-210/
https://exchange.xforce.ibmcloud.com/vulnerabilities/86004
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396	Vendor Advisory
https://kb.isc.org/article/AA-01015	Vendor Advisory
https://kb.isc.org/article/AA-01016	Vendor Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10052
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561
https://support.apple.com/kb/HT6536

URL

タグ

http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

http://linux.oracle.com/errata/ELSA-2014-1244

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html