CVE-2012-2978Improper Restriction of Operations within the Bounds of a Memory Buffer in NSD

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
1.4%
top 19.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nlnetlabs NSD
Timeline
PublishedJul 27
Latest updateMay 17

Description

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Ubuntunlnetlabs/nsd< 4.0.0-5
NVDnlnetlabs/nsd21 versions+20

🔴Vulnerability Details

3
GHSA
GHSA-wgh7-q8c2-58gg: query2022-05-17
OSV
CVE-2012-2978: query2012-07-27
CVEList
CVE-2012-2978: query2012-07-27

💬Community

1
Bugzilla
CVE-2012-2978: nsd: NSD denial of service vulnerability from non-standard DNS packet from any host on the internet.2012-07-18
CVE-2012-2978 — Nlnetlabs NSD vulnerability | cvebase