CVE-2013-3919

high

Published 2013-06-06 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.8

VIR risk

7.8

Description

resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-3919

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.isc.org/article/AA-00967/

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0`
debian	bullseye	fixed	`0`
debian	forky	fixed	`0`
debian	sid	fixed	`0`
debian	trixie	fixed	`0`

Application impact

Vendor	Product	Versions
isc	bind	`9.6`
isc	bind	`9.8.5`
isc	bind	`9.9.3`

References

http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
https://kb.isc.org/article/AA-00967/
https://support.apple.com/kb/HT6536
https://security-tracker.debian.org/tracker/CVE-2013-3919

Verify integrity in audit chain (admin only). AS-IS.