CVE-2012-5166 — Bind vulnerability

CWE-18910 documents9 sources

Severity

7.8HIGHNVD

EPSS

42.0%

top 2.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedOct 10

Latest updateMay 17

Description

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianisc/bind9< 1:9.8.1.dfsg.P1-4.3+3

▶NVDisc/bind54 versions+53

🔴Vulnerability Details

GHSA

GHSA-v7pj-79hf-f778: ISC BIND 9↗2022-05-17

▶

CVEList

CVE-2012-5166: ISC BIND 9↗2012-10-10

▶

OSV

CVE-2012-5166: ISC BIND 9↗2012-10-10

▶

📋Vendor Advisories

BSD

FreeBSD-SA-12:06.bind: Multiple Denial of Service vulnerabilities with named(8)↗2012-11-22

▶

Ubuntu

Bind vulnerability↗2012-10-10

▶

Red Hat

bind: Specially crafted DNS data can cause a lockup in named↗2012-10-09

▶

Debian

CVE-2012-5166: bind9 - ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and ...↗2012

▶

💬Community

Bugzilla

CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named [fedora-all]↗2012-10-10

▶

Bugzilla

CVE-2012-5166 bind: Specially crafted DNS data can cause a lockup in named↗2012-10-09

▶