CVE-2008-0122 — Off-by-one Error in Bind

CWE-189 CWE-193 — Off-by-one Error8 documents8 sources

Severity

10.0CRITICALNVD

EPSS

1.7%

top 17.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc ISC Bind

Timeline

PublishedJan 16

Latest updateMay 1

Description

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶Debiangnu/glibc< 2.2-1+3

▶NVDisc/bind9.4.2

Patches

Patch: security.freebsd.org ↗Patch: www.securityfocus.com ↗Patch: security.freebsd.org ↗

🔴Vulnerability Details

GHSA

GHSA-qfv4-7qhr-3fj9: Off-by-one error in the inet_network function in libbind in ISC BIND 9↗2022-05-01

▶

OSV

CVE-2008-0122: Off-by-one error in the inet_network function in libbind in ISC BIND 9↗2008-01-16

▶

CVEList

CVE-2008-0122: Off-by-one error in the inet_network function in libbind in ISC BIND 9↗2008-01-16

▶

📋Vendor Advisories

Red Hat

libbind off-by-one buffer overflow↗2008-01-14

▶

BSD

FreeBSD-SA-08:02.libc: inet_network() buffer overflow↗2008-01-14

▶

Debian

CVE-2008-0122: bind9 - Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and e...↗2008

▶

💬Community

Bugzilla

CVE-2008-0122 libbind off-by-one buffer overflow↗2008-01-17

▶