CVE-2002-0684 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

9 documents7 sources

Severity

7.5HIGHNVD

EPSS

3.6%

top 12.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc ISC Bind

Timeline

PublishedAug 12

Latest updateApr 30

Description

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶Debiangnu/glibc< 2.2.5-8+3

▶NVDgnu/glibc2.2.5

▶NVDisc/bind4.9.8

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-w4pr-xjh8-387g: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4↗2022-04-30

▶

OSV

CVE-2002-0684: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4↗2002-08-12

▶

CVEList

CVE-2002-0684: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4↗2002-07-31

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-11-12

▶

Red Hat

security flaw↗2002-06-26

▶

Debian

CVE-2002-0684: glibc - Buffer overflow in DNS resolver functions that perform lookup of network names a...↗2002

▶

💬Community

Bugzilla

CVE-2002-0684 security flaw↗2018-08-16

▶

Bugzilla

CVE-2002-0029 security flaw↗2018-08-16

▶