View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-0591 severity moderate: SUSE including 166 source package names (bind-9.10.3P4-21.1, bind-9.11.2-1.24, …), 254 product×package rows across 40 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (40 product lines)): Fixed 254.
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.