suse · CVE-2014-0591

Quick triage

Priority: medium Published: 2021-05-30 13:18:27 UTC Updated: 2026-04-18 18:44:55 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2014-0591 severity moderate: SUSE including 166 source package names (bind-9.10.3P4-21.1, bind-9.11.2-1.24, …), 254 product×package rows across 40 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 11 SP3, … (40 product lines)): Fixed 254.

Description:

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

cvelogic Threat Intelligence