CVE-2012-3868

Published: Jul 25, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.

Affected (12)

Products: Isc: Bind

Isc

1 product

Bind

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Isc Bind	Version 9.9.0
Isc Bind	Version 9.9.0 a1
Isc Bind	Version 9.9.0 a2
Isc Bind	Version 9.9.0 a3
Isc Bind	Version 9.9.0 b1
Isc Bind	Version 9.9.0 b2
Isc Bind	Version 9.9.0 rc1
Isc Bind	Version 9.9.0 rc2
Isc Bind	Version 9.9.0 rc3
Isc Bind	Version 9.9.0 rc4
Isc Bind	Version 9.9.1
Isc Bind	Version 9.9.1 p1

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (4)

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

Source: cve@mitre.org

https://kb.isc.org/article/AA-00730

Source: cve@mitre.org

Vendor Advisory

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.isc.org/article/AA-00730

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.