Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1220Reachable Assertion in Bind

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
32.7%
top 3.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
FreebsdISC BindOpenbsd
Timeline
PublishedNov 29
Latest updateApr 30

Description

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDisc/bind4 versions+3
NVDopenbsd/openbsd3.0, 3.1, 3.2+2

Also affects: Freebsd 4.4, 4.5, 4.6, 4.7

Patches

Patch: bvlive01.iss.netPatch: www.isc.orgPatch: bvlive01.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-cqrp-292w-8w52: BIND 82022-04-30
CVEList
CVE-2002-1220: BIND 82004-09-01

💥Exploits & PoCs

1
Exploit-DB
ISC BIND 8.3.x - OPT Record Large UDP Denial of Service2002-11-12

📋Vendor Advisories

1
Debian
CVE-2002-1220: bind9 - BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (t...2002
CVE-2002-1220 — Reachable Assertion in ISC Bind | cvebase