CVE-2002-0029

NameCVE-2002-0029
DescriptionBuffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-196
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)jessie (security), jessie1:9.9.5.dfsg-9+deb8u15fixed
stretch (security), stretch1:9.10.3.dfsg.P4-12.3+deb9u4fixed
buster, sid1:9.11.4+dfsg-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bindsource(unstable)1:8.3.3-3high
bindsourcewoody8.3.3-2.0woody1highDSA-196
bind9source(unstable)(not affected)

Search for package or bug name: Reporting problems