VDB
CVE-2002-1146
CVE-2002-1146
PUBLISHED
CVSS 5 MEDIUM
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
EPSS 10.18% · 93.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
10.18%
93.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnu | glibc | 0 |
| n/a | n/a | n/a |
Timeline
- Oct 11, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- CLA-2002:535 vendor-advisory
- RHSA-2003:212 vendor-advisory
- RHSA-2002:197 vendor-advisory
- RHSA-2002:258 vendor-advisory
- RHSA-2003:022 vendor-advisory
- NetBSD-SA2002-015 vendor-advisory
- VU#738331 third-party-advisory
- MDKSA-2004:009 vendor-advisory
- dns-resolver-lib-read-bo(10295) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2002-1146 advisory