VIR Vulnerability Intelligence Relay

CVE-2012-1667

high
Published 2012-06-05 · Modified 2026-04-29
CVSS v3
CVSS v2
8.5
VIR risk
8.5

Description

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-1667

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://kb.isc.org/article/AA-00698

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.isc.org/software/bind/advisories/cve-2012-1667

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1:9.8.1.dfsg.P1-4.1
debian debianbullseyefixed1:9.8.1.dfsg.P1-4.1
debian debianforkyfixed1:9.8.1.dfsg.P1-4.1
debian debiansidfixed1:9.8.1.dfsg.P1-4.1
debian debiantrixiefixed1:9.8.1.dfsg.P1-4.1

Application impact
VendorProductVersionsFixed
iscbind9.0
iscbind9.0.0
iscbind9.0.1
iscbind9.1
iscbind9.1.0
iscbind9.1.1
iscbind9.1.2
iscbind9.1.3
iscbind9.2
iscbind9.2.0
iscbind9.2.1
iscbind9.2.2
iscbind9.2.3
iscbind9.2.4
iscbind9.2.5
iscbind9.2.6
iscbind9.2.7
iscbind9.2.8
iscbind9.2.9
iscbind9.3
iscbind9.3.0
iscbind9.3.1
iscbind9.3.2
iscbind9.3.3
iscbind9.3.4
iscbind9.3.5
iscbind9.3.6
iscbind9.4
iscbind9.4.0
iscbind9.4.1
iscbind9.4.2
iscbind9.4.3
iscbind9.5
iscbind9.5.0
iscbind9.5.1
iscbind9.5.2
iscbind9.5.3
iscbind9.6
iscbind9.6.0
iscbind9.6.1
iscbind9.6.2
iscbind9.6.3
iscbind9.7.0
iscbind9.7.1
iscbind9.7.2
iscbind9.7.3
iscbind9.7.4
iscbind9.7.5
iscbind9.7.6
iscbind9.9.0
iscbind9.9.1

References

CWEs

CWE-189

Verify integrity in audit chain (admin only). AS-IS.