4.3
CVE-2010-3762
- EPSS 8.09%
- Veröffentlicht 05.10.2010 22:00:06
- Zuletzt bearbeitet 16.06.2026 23:23:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.09% | 0.941 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.vmware.com/pipermail/security-announce/2011/000126.html
http://www.securityfocus.com/archive/1/516909/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2011-0004.html
http://www.vupen.com/english/advisories/2011/0606
http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
http://support.avaya.com/css/P8/documents/100124923
http://www.debian.org/security/2010/dsa-2130
http://www.mandriva.com/security/advisories?name=MDVSA-2010:253
http://www.redhat.com/support/errata/RHSA-2010-0976.html
http://www.securityfocus.com/bid/45385