CVE-2002-0684

NameCVE-2002-0684
DescriptionBuffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)jessie, jessie (lts)2.19-18+deb8u13fixed
stretch (security)2.24-11+deb9u1fixed
stretch (lts), stretch2.24-11+deb9u6fixed
buster2.28-10+deb10u1fixed
buster (security)2.28-10+deb10u3fixed
bullseye2.31-13+deb11u8fixed
bullseye (security)2.31-13+deb11u10fixed
bookworm2.36-9+deb12u4fixed
bookworm (security)2.36-9+deb12u7fixed
trixie2.38-7fixed
sid2.38-8fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsource(unstable)2.2.5-8
Search for package or bug name: Reporting problems