Lucene search

[email protected]CVE-2009-1086

HistoryMar 25, 2009 - 6:30 p.m.

CVE-2009-1086

2009-03-2518:30:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2009-1086

ldns

buffer overflow

denial of service

memory corruption

execute arbitrary code

dns

resource record

nvd

7.9 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.112 Low

EPSS

Percentile

95.2%

JSON

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.

CPENameOperatorVersion
nlnetlabs:ldnsnlnetlabs ldnseq1.4.0
nlnetlabs:ldnsnlnetlabs ldnseq1.4.1

CPE	Name	Operator	Version
nlnetlabs:ldns	nlnetlabs ldns	eq	1.4.0
nlnetlabs:ldns	nlnetlabs ldns	eq	1.4.1

References

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

secunia.com/advisories/35013

secunia.com/advisories/35065

www.debian.org/security/2009/dsa-1795

www.nlnetlabs.nl/bugs/show_bug.cgi?id=232

www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog

www.openwall.com/lists/oss-security/2009/03/24/4

www.securityfocus.com/bid/34233

7.9 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.112 Low

EPSS

Percentile

95.2%

JSON

Related for CVE-2009-1086

debian2 nessus2 prion1 openvas4 debiancve1 securityvulns2 ubuntucve1 cvelist1