CVE-2009-1755
Severity CVSS v4.0:
Pending analysis
Type:
CWE-189
Numeric Errors
Publication date:
22/05/2009
Last modified:
09/04/2025
Description
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nlnetlabs:nsd:2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.2.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.3.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.3.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nlnetlabs:nsd:2.3.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420
- http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
- http://www.openwall.com/lists/oss-security/2009/05/19/1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420
- http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html
- http://www.openwall.com/lists/oss-security/2009/05/19/1