CVE-2009-1755

critical

Description

Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.

References

http://www.openwall.com/lists/oss-security/2009/05/19/1

http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418

Details

Source: Mitre, NVD

Published: 2009-05-22

Updated: 2009-05-29

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical