Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor D.j.bernstein Subscribe
Filtered by product Djbdns
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-0858 1 D.j.bernstein 1 Djbdns 2018-10-10 5.8 MEDIUM N/A
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.
CVE-2008-4392 1 D.j.bernstein 1 Djbdns 2017-08-07 6.4 MEDIUM N/A
dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.
CVE-2012-1191 1 D.j.bernstein 1 Djbdns 2012-02-19 6.4 MEDIUM N/A
The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.