ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named

ISC Support Staff support-staff at
Tue Mar 26 18:08:38 UTC 2013

On 3/26/13 10:05 AM, Jack Tavares wrote:
> I have a request for clarification:
> The workaround states to rebuild BIND with regexp support disabled.
> And I see new versions of BIND have been released.
> Are those versions just a rebuild with regexp support disabled?
> Or are they a more comprehensive fix?

This question is addressed in the "CVE-2013-2266: FAQ and Supplemental
Information" Knowledge Base article, which I encourage everyone to read.

Please see specifically the section which begins:

   "What is the difference between deploying the patched versions
   of BIND versus implementing the documented workaround?"


Michael McNally
ISC Support

More information about the bind-users mailing list