CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-6173
https://notcve.org/view.php?id=CVE-2016-6173
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. NSD en versiones anteriores a 4.1.11 permite a servidores DNS maestros remotos provocar una denegación de servicio (/tmp consumo de disco y caída del servidor esclavo) a través de una trasferencia de zona con datos ilimitados.. • http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.openwall.com/lists/oss-security/2016/07/06/4 http://www.securityfocus.com/bid/91678 https://github.com/sischkg/xfer-limit/blob/master/README.md https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html https://www.nlnetlabs.nl/bugs-script/show • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 21EXPL: 0CVE-2012-2978
https://notcve.org/view.php?id=CVE-2012-2978
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet. query.c en NSD v3.0.x hasta v3.0.8, v3.1.x hasta v3.1.1, y v3.2.x antes de v3.2.12 permite a atacantes remotos causar una denegación de servicio (eliminar la referencia del puntero NULL y caída en un proceso hijo) a través de un paquete DNS modificado. • http://osvdb.org/84097 http://secunia.com/advisories/49795 http://secunia.com/advisories/49997 http://www.debian.org/security/2012/dsa-2515 http://www.kb.cert.org/vuls/id/624931 http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt http://www.securityfocus.com/bid/54606 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 3%CPEs: 31EXPL: 0CVE-2009-1755
https://notcve.org/view.php?id=CVE-2009-1755
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow. Error de superación del límite en la función packet_read_query_section en packet.c en nsd v3.2.1, y process_query_section en query.c en nsd v2.3.7, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores no específicos que provocan el desbordamiento de búfer. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420 http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html http://www.openwall.com/lists/oss-security/2009/05/19/1 • CWE-189: Numeric Errors •