CVE-2015-5722 - Vulnerability Details

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Server
Isc	Bind
Redhat	Enterprise Linux Rhel Aus Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:a:isc:bind::p2::::::*
	cpe:2.3:a:isc:bind::p3::::::*

Configuration 2 [-]

cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
bind-30:9.3.6-25.P1.el5_11.4	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1706	2015-09-03T00:00:00Z
bind97-32:9.7.0-21.P2.el5_11.3	cpe:/o:redhat:enterprise_linux:5	RHSA-2015:1707	2015-09-03T00:00:00Z
Red Hat Enterprise Linux 6
bind-32:9.8.2-0.37.rc1.el6_7.4	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1705	2015-09-03T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
bind-32:9.8.2-0.17.rc1.el6_4.7	cpe:/o:redhat:rhel_aus:6.4	RHSA-2016:0078	2016-01-28T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
bind-32:9.8.2-0.23.rc1.el6_5.2	cpe:/o:redhat:rhel_aus:6.5	RHSA-2016:0078	2016-01-28T00:00:00Z
Red Hat Enterprise Linux 6.6 Extended Update Support
bind-32:9.8.2-0.30.rc1.el6_6.4	cpe:/o:redhat:rhel_eus:6.6	RHSA-2016:0079	2016-01-28T00:00:00Z
Red Hat Enterprise Linux 7
bind-32:9.9.4-18.el7_1.5	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1705	2015-09-03T00:00:00Z

References

Link	Providers
http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
http://marc.info/?l=bugtraq&m=144294073801304&w=2
http://rhn.redhat.com/errata/RHSA-2015-1705.html
http://rhn.redhat.com/errata/RHSA-2015-1706.html
http://rhn.redhat.com/errata/RHSA-2015-1707.html
http://rhn.redhat.com/errata/RHSA-2016-0078.html
http://rhn.redhat.com/errata/RHSA-2016-0079.html
http://www.debian.org/security/2015/dsa-3350
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/76605
http://www.securitytracker.com/id/1033452
http://www.ubuntu.com/usn/USN-2728-1
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918
https://kb.isc.org/article/AA-01287
https://kb.isc.org/article/AA-01287/0
https://kb.isc.org/article/AA-01305
https://kb.isc.org/article/AA-01306
https://kb.isc.org/article/AA-01307
https://kb.isc.org/article/AA-01438
https://kc.mcafee.com/corporate/index?page=content&id=SB10134
https://nvd.nist.gov/vuln/detail/CVE-2015-5722
https://security.gentoo.org/glsa/201510-01
https://security.netapp.com/advisory/ntap-20190730-0001/
https://support.apple.com/HT205376
https://www.cve.org/CVERecord?id=CVE-2015-5722

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-09-05T01:00:00

Updated: 2024-08-06T06:59:04.288Z

Reserved: 2015-08-03T00:00:00

Link: CVE-2015-5722

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2015-09-05T02:59:03.307

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-5722

Redhat

Severity : Important

Publid Date: 2015-09-02T00:00:00Z

Links: CVE-2015-5722 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-02T00:00:00", "descriptions": [{"lang": "en", "value": "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-30T17:06:09", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2728-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2728-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "openSUSE-SU-2015:1667", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html"}, {"name": "FEDORA-2015-15041", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html"}, {"name": "RHSA-2015:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1706.html"}, {"name": "APPLE-SA-2015-10-21-8", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01438"}, {"name": "FEDORA-2015-14954", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01287"}, {"name": "SSRT102248", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "RHSA-2016:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT205376"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218"}, {"name": "SUSE-SU-2015:1481", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134"}, {"name": "SUSE-SU-2015:1496", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01307"}, {"name": "RHSA-2015:1707", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1707.html"}, {"name": "FEDORA-2015-15062", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html"}, {"name": "HPSBUX03511", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "FEDORA-2015-15061", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html"}, {"name": "1033452", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033452"}, {"name": "openSUSE-SU-2015:1597", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html"}, {"name": "GLSA-201510-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201510-01"}, {"name": "76605", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76605"}, {"name": "DSA-3350", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3350"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"}, {"name": "SUSE-SU-2015:1480", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01305"}, {"name": "RHSA-2016:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"}, {"name": "SUSE-SU-2016:0227", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.isc.org/article/AA-01306"}, {"name": "FEDORA-2015-14958", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"}, {"name": "RHSA-2015:1705", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1705.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5722", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2728-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2728-1"}, {"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "openSUSE-SU-2015:1667", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html"}, {"name": "FEDORA-2015-15041", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html"}, {"name": "RHSA-2015:1706", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1706.html"}, {"name": "APPLE-SA-2015-10-21-8", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"}, {"name": "https://kb.isc.org/article/AA-01438", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01438"}, {"name": "FEDORA-2015-14954", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"}, {"name": "https://kb.isc.org/article/AA-01287", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01287"}, {"name": "SSRT102248", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "RHSA-2016:0079", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"name": "https://support.apple.com/HT205376", "refsource": "CONFIRM", "url": "https://support.apple.com/HT205376"}, {"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218"}, {"name": "SUSE-SU-2015:1481", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134"}, {"name": "SUSE-SU-2015:1496", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html"}, {"name": "https://kb.isc.org/article/AA-01307", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01307"}, {"name": "RHSA-2015:1707", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1707.html"}, {"name": "FEDORA-2015-15062", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html"}, {"name": "HPSBUX03511", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "FEDORA-2015-15061", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html"}, {"name": "1033452", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033452"}, {"name": "openSUSE-SU-2015:1597", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html"}, {"name": "GLSA-201510-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201510-01"}, {"name": "76605", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76605"}, {"name": "DSA-3350", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3350"}, {"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"}, {"name": "SUSE-SU-2015:1480", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html"}, {"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105"}, {"name": "https://kb.isc.org/article/AA-01305", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01305"}, {"name": "RHSA-2016:0078", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"}, {"name": "SUSE-SU-2016:0227", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"}, {"name": "https://kb.isc.org/article/AA-01306", "refsource": "CONFIRM", "url": "https://kb.isc.org/article/AA-01306"}, {"name": "FEDORA-2015-14958", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"}, {"name": "RHSA-2015:1705", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1705.html"}, {"name": "https://security.netapp.com/advisory/ntap-20190730-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:59:04.288Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2728-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2728-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "openSUSE-SU-2015:1667", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html"}, {"name": "FEDORA-2015-15041", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html"}, {"name": "RHSA-2015:1706", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1706.html"}, {"name": "APPLE-SA-2015-10-21-8", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01438"}, {"name": "FEDORA-2015-14954", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01287"}, {"name": "SSRT102248", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "RHSA-2016:0079", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT205376"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218"}, {"name": "SUSE-SU-2015:1481", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134"}, {"name": "SUSE-SU-2015:1496", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01307"}, {"name": "RHSA-2015:1707", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1707.html"}, {"name": "FEDORA-2015-15062", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html"}, {"name": "HPSBUX03511", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"name": "FEDORA-2015-15061", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html"}, {"name": "1033452", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033452"}, {"name": "openSUSE-SU-2015:1597", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html"}, {"name": "GLSA-201510-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201510-01"}, {"name": "76605", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76605"}, {"name": "DSA-3350", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3350"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"}, {"name": "SUSE-SU-2015:1480", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01305"}, {"name": "RHSA-2016:0078", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"}, {"name": "SUSE-SU-2016:0227", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.isc.org/article/AA-01306"}, {"name": "FEDORA-2015-14958", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"}, {"name": "RHSA-2015:1705", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1705.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5722", "datePublished": "2015-09-05T01:00:00", "dateReserved": "2015-08-03T00:00:00", "dateUpdated": "2024-08-06T06:59:04.288Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*", "matchCriteriaId": "E5DB42B0-9CB2-4BFC-A65F-7FD5B02E2A2C", "versionEndIncluding": "9.9.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*", "matchCriteriaId": "55E3AFE2-7622-4D11-ADCA-708E9E72BB0D", "versionEndIncluding": "9.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "1B9E950F-9312-4352-A7CE-21D09A3456B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone."}, {"lang": "es", "value": "Vulnerabilidad en buffer.c en nombrado en ISC BIND 9.x en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegaci\u00f3n de servicio (error de aserci\u00f3n y salida del demonio) mediante la creaci\u00f3n de una zona de contenci\u00f3n, una clave DNSSEC mal formada y la emisi\u00f3n de una consulta para un nombre en esa zona."}], "id": "CVE-2015-5722", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-05T02:59:03.307", "references": [{"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1705.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1706.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1707.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3350"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76605"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033452"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2728-1"}, {"source": "cve@mitre.org", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218"}, {"source": "cve@mitre.org", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105"}, {"source": "cve@mitre.org", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"}, {"source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/article/AA-01287"}, {"source": "cve@mitre.org", "url": "https://kb.isc.org/article/AA-01305"}, {"source": "cve@mitre.org", "url": "https://kb.isc.org/article/AA-01306"}, {"source": "cve@mitre.org", "url": "https://kb.isc.org/article/AA-01307"}, {"source": "cve@mitre.org", "url": "https://kb.isc.org/article/AA-01438"}, {"source": "cve@mitre.org", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201510-01"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT205376"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=144294073801304&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1705.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1706.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1707.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-0079.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3350"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/76605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1033452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2728-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/article/AA-01287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/article/AA-01305"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/article/AA-01306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/article/AA-01307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kb.isc.org/article/AA-01438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201510-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20190730-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.apple.com/HT205376"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Hanno B\u00f6ck as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:1706", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "bind-30:9.3.6-25.P1.el5_11.4", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-09-03T00:00:00Z"}, {"advisory": "RHSA-2015:1707", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "bind97-32:9.7.0-21.P2.el5_11.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2015-09-03T00:00:00Z"}, {"advisory": "RHSA-2015:1705", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "bind-32:9.8.2-0.37.rc1.el6_7.4", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-09-03T00:00:00Z"}, {"advisory": "RHSA-2016:0078", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "bind-32:9.8.2-0.17.rc1.el6_4.7", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2016-01-28T00:00:00Z"}, {"advisory": "RHSA-2016:0078", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "bind-32:9.8.2-0.23.rc1.el6_5.2", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2016-01-28T00:00:00Z"}, {"advisory": "RHSA-2016:0079", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "bind-32:9.8.2-0.30.rc1.el6_6.4", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2016-01-28T00:00:00Z"}, {"advisory": "RHSA-2015:1705", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "bind-32:9.9.4-18.el7_1.5", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-09-03T00:00:00Z"}], "bugzilla": {"description": "bind: malformed DNSSEC key failed assertion denial of service", "id": "1259087", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1259087"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-617", "details": ["buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.", "A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash."], "name": "CVE-2015-5722", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 4"}], "public_date": "2015-09-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5722\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5722\nhttps://kb.isc.org/article/AA-01287/0"], "threat_severity": "Important"}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object