Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2326Improper Input Validation in Apple Bonjour

CWE-20Improper Input Validation4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
6.7%
top 8.76%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apple Bonjour
Timeline
PublishedSep 11
Latest updateMay 1

Description

mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapple/bonjour1.0.4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-mgq3-vvm3-gj5g: mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 12022-05-01
CVEList
CVE-2008-2326: mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 12008-09-10

💥Exploits & PoCs

1
Exploit-DB
Apple Bonjour for Windows 1.0.4 - mDNSResponder Null Pointer Dereference Denial of Service2008-09-09
CVE-2008-2326 — Improper Input Validation in Apple | cvebase