CVE-2010-3762 — Improper Input Validation in Bind

CWE-20 — Improper Input Validation8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

27.5%

top 3.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedOct 5

Latest updateMay 14

Description

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.7.2.dfsg.P2-1+3

▶NVDisc/bind9.7.2

🔴Vulnerability Details

GHSA

GHSA-hv8v-8gq8-6q29: ISC BIND before 9↗2022-05-14

▶

OSV

CVE-2010-3762: ISC BIND before 9↗2010-10-05

▶

CVEList

CVE-2010-3762: ISC BIND before 9↗2010-10-05

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2011-05-30

▶

Red Hat

Bind: DoS (assertion failure) via a DNS query with bad signatures↗2010-09-28

▶

Debian

CVE-2010-3762: bind9 - ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly h...↗2010

▶

💬Community

Bugzilla

CVE-2010-3762 Bind: DoS (assertion failure) via a DNS query with bad signatures↗2010-10-06

▶