CVE-2013-4854

high

Published 2013-07-29 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.8

VIR risk

7.8

Description

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4854

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.isc.org/article/AA-01016

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.isc.org/article/AA-01015

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03922396

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.mandriva.com/security/advisories?name=MDVSA-2013:202

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.freebsd.org/security/advisories/FreeBSD-SA-13:07.bind.asc

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54432

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54323

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54211

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54207

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54185

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/54134

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://rhn.redhat.com/errata/RHSA-2013-1115.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://rhn.redhat.com/errata/RHSA-2013-1114.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00018.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00004.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113251.html

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113108.html

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`1:9.8.4.dfsg.P1-6+nmu3`
debian	bullseye	fixed	`1:9.8.4.dfsg.P1-6+nmu3`
debian	forky	fixed	`1:9.8.4.dfsg.P1-6+nmu3`
debian	sid	fixed	`1:9.8.4.dfsg.P1-6+nmu3`
debian	trixie	fixed	`1:9.8.4.dfsg.P1-6+nmu3`
rhel	5	affected
rhel	6.0	affected
suse	11.4	affected
fedora	18	affected
fedora	19	affected
freebsd	8.0	affected
freebsd	8.1	affected
freebsd	8.2	affected
freebsd	8.3	affected
freebsd	8.4	affected
freebsd	9.0	affected
freebsd	9.1	affected
freebsd	9.2	affected

Application impact

Vendor	Product	Versions
isc	bind	`9.7.0`
isc	bind	`9.7.1`
isc	bind	`9.7.2`
isc	bind	`9.7.3`
isc	bind	`9.7.4`
isc	bind	`9.7.5`
isc	bind	`9.7.6`
isc	bind	`9.7.7`
suse	suse_linux_enterprise_software_development_kit	`11.0`
isc	dnsco_bind	`9.9.3`
isc	dnsco_bind	`9.9.4`
isc	bind	`9.9.0`
isc	bind	`9.9.1`
isc	bind	`9.9.2`
isc	bind	`9.9.3`
isc	bind	`9.8.0`
isc	bind	`9.8.1`
isc	bind	`9.8.2`
isc	bind	`9.8.3`
isc	bind	`9.8.4`
isc	bind	`9.8.5`
isc	bind	`9.8.6`

References

Verify integrity in audit chain (admin only). AS-IS.