Buffer overflow in Nlnetlabs Nsd

CVE-2012-2978

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.

Vulnerability class: Buffer Overflow

EPSS: 0.092 (94.7th percentile) — read the EPSS interpretation.

Affected products

Nlnetlabs Nsd — versions 3.0.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cret@cert.org (x_refsource_OSVDB, vdb-entry)
cret@cert.org (US Government Resource, x_refsource_CERT-VN, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
cret@cert.org (vdb-entry, x_refsource_BID)
cret@cert.org (x_refsource_SECUNIA, third-party-advisory)
cret@cert.org (x_refsource_SECUNIA, third-party-advisory)
cret@cert.org (vendor-advisory, x_refsource_DEBIAN)