CVE-2002-1146Improper Restriction of Operations within the Bounds of a Memory Buffer in Glibc

7 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
9.7%
top 7.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Glibc
Timeline
PublishedOct 11
Latest updateMay 3

Description

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debiangnu/glibc< 2.3+3
NVDgnu/glibc2.2.5

🔴Vulnerability Details

3
GHSA
GHSA-6w68-qf8p-27ph: The BIND 4 and BIND 82022-05-03
CVEList
CVE-2002-1146: The BIND 4 and BIND 82004-09-01
OSV
CVE-2002-1146: The BIND 4 and BIND 82002-10-11

📋Vendor Advisories

2
Red Hat
security flaw2002-10-03
Debian
CVE-2002-1146: glibc - The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as g...2002

💬Community

1
Bugzilla
CVE-2002-1146 security flaw2018-08-16
CVE-2002-1146 — GNU Glibc vulnerability | cvebase