Vulnerability CVE-2012-2978


Published: 2012-07-27

Description:
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
NSD 3.0.0-3.0.8, 3.1.0-3.1.1, and 3.2.0-3.2.11 remote denial of service
Marek Vavrusa a...
28.07.2012

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Nlnetlabs -> NSD 

 References:
http://osvdb.org/84097
http://secunia.com/advisories/49795
http://secunia.com/advisories/49997
http://www.debian.org/security/2012/dsa-2515
http://www.kb.cert.org/vuls/id/624931
http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
http://www.securityfocus.com/bid/54606

Copyright 2022, cxsecurity.com

 

Back to Top