CVE-2002-1146
published 2002-10-11CVE-2002-1146: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size…
medium5CVSS 3.1
AVNACLAuNCNINAP
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glibc | < glibc 2.3 (bookworm) | glibc 2.3 (bookworm) |
| gnu | glibc | <= 2.2.5 | — |
| gnu | glibc | >= 0 < 2.3 | 2.3 |
| gnu | glibc | >= 0 < 2.3 | 2.3 |
| gnu | glibc | >= 0 < 2.3 | 2.3 |
| gnu | glibc | >= 0 < 2.3 | 2.3 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM