CVE-2002-1221Bind vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
4.3%
top 11.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
FreebsdISC BindOpenbsd
Timeline
PublishedNov 29
Latest updateApr 30

Description

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDisc/bind14 versions+13
NVDopenbsd/openbsd3.0, 3.1, 3.2+2

Also affects: Freebsd 4.4, 4.5, 4.6, 4.7

Patches

Patch: bvlive01.iss.netPatch: www.isc.orgPatch: bvlive01.iss.net

🔴Vulnerability Details

2
GHSA
GHSA-6qgf-gfj4-gj5c: BIND 82022-04-30
CVEList
CVE-2002-1221: BIND 82004-09-01

📋Vendor Advisories

1
Debian
CVE-2002-1221: bind9 - BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (cra...2002
CVE-2002-1221 — ISC Bind vulnerability | cvebase