CVE-2012-3868Race Condition in Bind

CWE-362Race ConditionCWE-401Missing Release of Memory after Effective Lifetime7 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
2.0%
top 16.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ISC Bind
Timeline
PublishedJul 25
Latest updateMay 17

Description

Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDisc/bind9.9.0, 9.9.1+1

🔴Vulnerability Details

2
GHSA
GHSA-v87w-rgf8-76jc: Race condition in the ns_client structure management in ISC BIND 92022-05-17
CVEList
CVE-2012-3868: Race condition in the ns_client structure management in ISC BIND 92012-07-25

📋Vendor Advisories

2
Red Hat
bind: high TCP query load can trigger memory leak2012-07-24
Debian
CVE-2012-3868: bind9 - Race condition in the ns_client structure management in ISC BIND 9.9.x before 9....2012

💬Community

2
Bugzilla
CVE-2012-3868 bind: high TCP query load can trigger memory leak2012-07-24
Bugzilla
CVE-2012-3868 bind: high TCP query load can trigger memory leak [fedora-17]2012-07-24
CVE-2012-3868 — Race Condition in ISC Bind | cvebase