CVE-2002-0029

Name	CVE-2002-0029
Description	Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-196

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
bind9 (PTS)	bullseye	1:9.16.50-1~deb11u2	fixed
	bullseye (security)	1:9.16.50-1~deb11u4	fixed
	bookworm	1:9.18.33-1~deb12u2	fixed
	bookworm (security)	1:9.18.41-1~deb12u1	fixed
	trixie	1:9.20.11-4	fixed
	trixie (security)	1:9.20.15-1~deb13u1	fixed
	forky, sid	1:9.20.15-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
bind	source	woody	8.3.3-2.0woody1		DSA-196
bind	source	(unstable)	1:8.3.3-3
bind9	source	(unstable)	(not affected)