CVE-2002-0029 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Bind

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

21.8%

top 4.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Astaro Security Linux ISC Bind

Timeline

PublishedNov 29

Latest updateMay 3

Description

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDisc/bind9 versions+8

▶NVDastaro/security_linux9 versions+8

Patches

Patch: www.cert.org ↗Patch: www.isc.org ↗Patch: www.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-wc7g-r6mj-mjf6: Buffer overflows in the DNS stub resolver library in ISC BIND 4↗2022-05-03

▶

CVEList

CVE-2002-0029: Buffer overflows in the DNS stub resolver library in ISC BIND 4↗2002-11-21

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-11-12

▶

Debian

CVE-2002-0029: bind9 - Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9....↗2002

▶

💬Community

Bugzilla

CVE-2002-0029 security flaw↗2018-08-16

▶