Lucene search

MitreCVE-2009-1086

HistoryMar 25, 2009 - 6:30 p.m.

CVE-2009-1086

2009-03-2518:30:00

CWE-399

mitre

web.nvd.nist.gov

cve-2009-1086

ldns

buffer overflow

denial of service

memory corruption

execute arbitrary code

dns

resource record

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.112

Percentile

95.2%

JSON

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.

Affected configurations

Nvd

Node

nlnetlabsldnsMatch1.4.0

nlnetlabsldnsMatch1.4.1

VendorProductVersionCPE
nlnetlabsldns1.4.0cpe:2.3:a:nlnetlabs:ldns:1.4.0:*:*:*:*:*:*:*
nlnetlabsldns1.4.1cpe:2.3:a:nlnetlabs:ldns:1.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nlnetlabs	ldns	1.4.0	cpe:2.3:a:nlnetlabs:ldns:1.4.0:::::::*
nlnetlabs	ldns	1.4.1	cpe:2.3:a:nlnetlabs:ldns:1.4.1:::::::*

References

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

secunia.com/advisories/35013

secunia.com/advisories/35065

www.debian.org/security/2009/dsa-1795

www.nlnetlabs.nl/bugs/show_bug.cgi?id=232

www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog

www.openwall.com/lists/oss-security/2009/03/24/4

www.securityfocus.com/bid/34233

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

Confidence

Low

EPSS

0.112

Percentile

95.2%

JSON

Related for CVE-2009-1086