Main Vulnerability Database Vulnerabilities #VU110134

Input validation error in Glibc - CVE-2002-0684

Published: October 18, 2016 / Updated: June 3, 2025

Vulnerability identifier: #VU110134

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2002-0684

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GNU

Affected software:
Glibc

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

How to mitigate CVE-2002-0684

Install update from vendor's website.

Sources

http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
http://marc.info/?l=bugtraq&m=102581482511612&w=2
http://rhn.redhat.com/errata/RHSA-2002-139.html
http://www.kb.cert.org/vuls/id/542971
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php

Input validation error in Glibc - CVE-2002-0684

Detailed vulnerability description

How to mitigate CVE-2002-0684

Sources

Please verify you're human