Date: Wed, 12 Aug 2015 14:32:41 +0200
From: Florian Weimer <>
To: ISC Security Officer <>,
        Assign a CVE Identifier <>
Subject: Is CVE-2015-4650 a duplicate, leak, or just a typo?

Some documents use CVE-2015-4650 to refer to a vulnerability in BIND.
Apparently, they source back to


which says:

Debian Security Update
AlienVault ID: ENG-101265
Description: name.c in named in ISC BIND 9.7.x through 9.9.x before
9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive
resolver with DNSSEC validation, allows remote attackers to cause a
denial of service (REQUIRE assertion failure and daemon exit) by
constructing crafted zone data and then making a query for a name in
that zone.
CVE ID: CVE-2015-4650
CVSS v2 Base Score: 7.8
CVSS v2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:N)

That description seems to match CVE-2015-4620, so I'm leaning towards typo:


I don't know how this came into being.  Debian does not appear
responsible, the immutable list archives use the correct ID:


Comments appreciated.

Florian Weimer / Red Hat Product Security
