CVE-2008-0122

Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Severity: UNKNOWN
AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector: NETWORK
Attack Complexity: LOW
Base Score
CVSS 3.x
EPSS Score percentile: 96%

| Vendor | Product | Version |
|--------|---------|---------|
| isc | bind | 𝑥 ≤ 9.4.2 |

𝑥 = Vulnerable software versions

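Debian Releases

| Debian Product | Codename | Version | Status |
|----------------|----------|---------|--------|
| bind9 | bullseye | 1:9.16.50-1~deb11u2 | fixed |
| bind9 | sarge | | no-dsa |
| bind9 | etch | | no-dsa |
| bind9 | bullseye (security) | 1:9.16.50-1~deb11u1 | fixed |
| bind9 | bookworm | 1:9.18.28-1~deb12u2 | fixed |
| bind9 | bookworm (security) | 1:9.18.28-1~deb12u2 | fixed |
| bind9 | sid | 1:9.20.2-1 | fixed |
| bind9 | trixie | 1:9.20.2-1 | fixed |
| glibc | bullseye | 2.31-13+deb11u11 | fixed |
| glibc | sarge | | no-dsa |
| glibc | etch | | no-dsa |
| glibc | bullseye (security) | 2.31-13+deb11u10 | fixed |
| glibc | bookworm | 2.36-9+deb12u8 | fixed |
| glibc | bookworm (security) | 2.36-9+deb12u7 | fixed |
| glibc | sid | 2.40-3 | fixed |
| glibc | trixie | 2.40-3 | fixed |
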
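Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|----------------|----------|---------|--------|
| bind9 | natty | Fixed 1:9.4.2-8 | released |
| bind9 | maverick | Fixed 1:9.4.2-8 | released |
| bind9 | lucid | Fixed 1:9.4.2-8 | released |
| bind9 | karmic | Fixed 1:9.4.2-8 | released |
| bind9 | jaunty | Fixed 1:9.4.2-8 | released |
| bind9 | intrepid | Fixed 1:9.4.2-8 | released |
| bind9 | hardy | Fixed 1:9.4.2-8 | released |
| bind9 | gutsy | | ignored |
| bind9 | feisty | | ignored |
| bind9 | edgy | | ignored |
| bind9 | dapper | | ignored |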