Vulnerability Report

CVE-2013-4854

Title: Suse Suse Linux Enterprise Software Development Kit Denial of Service (DoS)

DoS

Proof Of Concept

No public PoC currently indexed for CVE-2013-4854.

CWE Category NVD-CWE-noinfo

Published Date Jul 29, 2013

Modified Date Apr 29, 2026

Exploit Status Not Found

Score 7.8 CVSS v2.0

Exploit Probability (EPSS)

51.15%

Vulnerability Summary

CVE-2013-4854: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Impacted Vendors

isc 2

suse 1

Reference Links

http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn.redhat.com/errata/RHSA-2013-1114.html http://rhn.redhat.com/errata/RHSA-2013-1115.html http://secunia.com/advisories/54134 http://secunia.com/advisories/54185 http://secunia.com/advisories/54207 http://secunia.com/advisories/54211 http://secunia.com/advisories/54323 http://secunia.com/advisories/54432 http://www.debian.org/security/2013/dsa-2728 http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc http://www.mandriva.com/security/advisories?name=MDVSA-2013:202 http://www.securityfocus.com/bid/61479 http://www.securitytracker.com/id/1028838 http://www.ubuntu.com/usn/USN-1910-1 http://www.zerodayinitiative.com/advisories/ZDI-13-210/ https://exchange.xforce.ibmcloud.com/vulnerabilities/86004 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 https://kb.isc.org/article/AA-01015 https://kb.isc.org/article/AA-01016 https://kc.mcafee.com/corporate/index?page=content&id=SB10052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561 https://support.apple.com/kb/HT6536 http://archives.neohapsis.com/archives/bugtraq/2013-08/0030.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://linux.oracle.com/errata/ELSA-2014-1244 http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html http://rhn.redhat.com/errata/RHSA-2013-1114.html http://rhn.redhat.com/errata/RHSA-2013-1115.html http://secunia.com/advisories/54134 http://secunia.com/advisories/54185 http://secunia.com/advisories/54207 http://secunia.com/advisories/54211 http://secunia.com/advisories/54323 http://secunia.com/advisories/54432 http://www.debian.org/security/2013/dsa-2728 http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc http://www.mandriva.com/security/advisories?name=MDVSA-2013:202 http://www.securityfocus.com/bid/61479 http://www.securitytracker.com/id/1028838 http://www.ubuntu.com/usn/USN-1910-1 http://www.zerodayinitiative.com/advisories/ZDI-13-210/ https://exchange.xforce.ibmcloud.com/vulnerabilities/86004 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396 https://kb.isc.org/article/AA-01015 https://kb.isc.org/article/AA-01016 https://kc.mcafee.com/corporate/index?page=content&id=SB10052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19561 https://support.apple.com/kb/HT6536

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.8

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:N/I:N/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2013-4854 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 29, 2026 MODIFIED

Vulnerability data updated via NVD.

April 11, 2025 MODIFIED

Vulnerability data or affected products updated.

July 29, 2013 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:N/C:N/I:N/A:C

Affected Stack

No specific products linked.