CVE-2012-1667

2012-06-0516:55:00

CWE-189

[email protected]

web.nvd.nist.gov

2687

isc bind

cve-2012-1667

remote dns dos

vulnerability

nvd

9 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

0.904 High

EPSS

Percentile

98.8%

JSON

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

CPENameOperatorVersion
isc:bindisc bindeq9.6.2
isc:bindisc bindeq9.4.2
isc:bindisc bindeq9.6.1
isc:bindisc bindeq9.2.0
isc:bindisc bindeq9.1.1
isc:bindisc bindeq9.3.1
isc:bindisc bindeq9.5.0
isc:bindisc bindeq9.4.3
isc:bindisc bindeq9.5.2
isc:bindisc bindeq9.2.3

CPE	Name	Operator	Version
isc:bind	isc bind	eq	9.6.2
isc:bind	isc bind	eq	9.4.2
isc:bind	isc bind	eq	9.6.1
isc:bind	isc bind	eq	9.2.0
isc:bind	isc bind	eq	9.1.1
isc:bind	isc bind	eq	9.3.1
isc:bind	isc bind	eq	9.5.0
isc:bind	isc bind	eq	9.4.3
isc:bind	isc bind	eq	9.5.2
isc:bind	isc bind	eq	9.2.3