CVE-2012-1667 — Bind vulnerability

CWE-18910 documents9 sources

Severity

8.5HIGHNVD

EPSS

53.2%

top 2.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedJun 5

Latest updateMay 14

Description

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

CVSS vector

AV:N/AC:L/C:P/I:N/A:CExploitability: 10.0 | Impact: 7.8

Affected Packages2 packages

▶Debianisc/bind9< 1:9.8.1.dfsg.P1-4.1+3

▶NVDisc/bind51 versions+50

🔴Vulnerability Details

GHSA

GHSA-8wqw-72q7-h4q9: ISC BIND 9↗2022-05-14

▶

CVEList

CVE-2012-1667: ISC BIND 9↗2012-06-05

▶

OSV

CVE-2012-1667: ISC BIND 9↗2012-06-05

▶

📋Vendor Advisories

BSD

FreeBSD-SA-12:03.bind: Incorrect handling of zero-length RDATA fields in named(8)↗2012-06-12

▶

Ubuntu

Bind vulnerabilities↗2012-06-05

▶

Red Hat

bind: handling of zero length rdata can cause named to terminate unexpectedly↗2012-06-04

▶

Debian

CVE-2012-1667: bind9 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and ...↗2012

▶

💬Community

Bugzilla

CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly [fedora-all]↗2012-06-04

▶

Bugzilla

CVE-2012-1667 bind: handling of zero length rdata can cause named to terminate unexpectedly↗2012-06-04

▶