FKIE_CVE-2012-2978

Vulnerability from fkie_nvd - Published: 2012-07-27 10:27 - Updated: 2025-04-11 00:51
Severity ?
Summary
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
References
cret@cert.orghttp://osvdb.org/84097
cret@cert.orghttp://secunia.com/advisories/49795
cret@cert.orghttp://secunia.com/advisories/49997
cret@cert.orghttp://www.debian.org/security/2012/dsa-2515
cret@cert.orghttp://www.kb.cert.org/vuls/id/624931US Government Resource
cret@cert.orghttp://www.nlnetlabs.nl/downloads/CVE-2012-2978.txtVendor Advisory
cret@cert.orghttp://www.securityfocus.com/bid/54606
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/84097
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49795
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49997
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2515
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/624931US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54606
Impacted products
Vendor Product Version
nlnetlabs nsd 3.0.0
nlnetlabs nsd 3.0.1
nlnetlabs nsd 3.0.2
nlnetlabs nsd 3.0.3
nlnetlabs nsd 3.0.4
nlnetlabs nsd 3.0.5
nlnetlabs nsd 3.0.6
nlnetlabs nsd 3.0.7
nlnetlabs nsd 3.0.8
nlnetlabs nsd 3.1.0
nlnetlabs nsd 3.1.1
nlnetlabs nsd 3.2.0
nlnetlabs nsd 3.2.1
nlnetlabs nsd 3.2.3
nlnetlabs nsd 3.2.4
nlnetlabs nsd 3.2.5
nlnetlabs nsd 3.2.6
nlnetlabs nsd 3.2.7
nlnetlabs nsd 3.2.8
nlnetlabs nsd 3.2.9
nlnetlabs nsd 3.2.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E347F8C-AB1F-4967-9C85-055214798ECE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DEDA235-5B80-4816-86C5-C83A45878A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22BC2EBF-9241-4FE1-A730-9F9BB6E2777C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3180CAA2-1518-4750-98DE-F64821297034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "56BCFAEA-AC1F-4D3E-B473-A6081D423BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA25A60-DD5F-4FE8-A6CC-1695232E3D95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C326A66B-457E-4130-A214-ED265576F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "140464BA-39D7-4B63-92F9-9D6E09CFF6DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86C924A-6CD8-4D9A-8CFC-E4AD4CC9331E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A818B06C-8798-460D-AE5A-93162CB758A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3755E217-23CB-42EF-90E8-020D5796226B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F341E55C-DB91-4D7B-91AE-076525C52A1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "760CF611-A8BF-4E96-9F21-0796FBC8A521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5A52D5D-F34E-4148-A1B5-41668CAF4370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC6AED26-55BB-449E-815E-532C0DD24B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "608E8EA7-9875-42E7-B8A4-9CE5EAE1B403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE30D876-F03D-4BAA-BC1B-BEF22CD159E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FC27746-21C8-4949-A099-7BFCBB21A368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "39D5DB56-E99F-4B2D-815D-D697ACB352FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3BFA93-297D-4EFB-AF7E-0C451B47C23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nlnetlabs:nsd:3.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B605C0B-213F-4626-A30C-D13C0D4635D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
    },
    {
      "lang": "es",
      "value": "query.c en NSD v3.0.x hasta v3.0.8, v3.1.x hasta v3.1.1, y v3.2.x antes de v3.2.12 permite a atacantes remotos causar una denegaci\u00f3n de servicio (eliminar la referencia del puntero NULL y ca\u00edda en un proceso hijo) a trav\u00e9s de un paquete DNS modificado."
    }
  ],
  "id": "CVE-2012-2978",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-07-27T10:27:49.260",
  "references": [
    {
      "source": "cret@cert.org",
      "url": "http://osvdb.org/84097"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/49795"
    },
    {
      "source": "cret@cert.org",
      "url": "http://secunia.com/advisories/49997"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.debian.org/security/2012/dsa-2515"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/624931"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/bid/54606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/84097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/49997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/624931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54606"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.