cbcvebase.
CVE-2009-0858
published 2009-03-09

Priority: P339, medium, 5.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
EXPLOIT
EPSS: 6.28% (92.7th percentile)

The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| d.j.bernstein | djbdns | <= 1.05 | |
| d.j.bernstein | djbdns | >= 0 < 1:1.05-5 | 1:1.05-5 |
| d.j.bernstein | djbdns | >= 0 < 1:1.05-5 | 1:1.05-5 |
| d.j.bernstein | djbdns | >= 0 < 1:1.05-5 | 1:1.05-5 |
| d.j.bernstein | djbdns | >= 0 < 1:1.05-5 | 1:1.05-5 |
| debian | djbdns | < djbdns 1:1.05-5 (bookworm) | djbdns 1:1.05-5 (bookworm) |

CVSS provenance

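| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| osv | | 5.8 | MEDIUM | |
| vendor_debian | | 5.8 | LOW | |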