Vulnerabilites related to apple - bonjour
Vulnerability from fkie_nvd
Published
2020-02-05 20:15
Modified
2024-11-21 01:23
Severity ?
Summary
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:bonjour:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D429F7D6-C72D-4EEB-ACFF-08BA37AA64E7",
"versionEndExcluding": "2011",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet."
},
{
"lang": "es",
"value": "Apple Bonjour antes del 2011, permite un bloqueo por medio de un paquete DNS multicast dise\u00f1ado."
}
],
"id": "CVE-2011-0220",
"lastModified": "2024-11-21T01:23:34.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-05T20:15:10.673",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:10
Modified
2025-04-09 00:30
Severity ?
Summary
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | bonjour | 1.0.4 | |
| microsoft | windows-nt | xp | |
| microsoft | windows_2000 | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:bonjour:1.0.4:unknown:windows:*:*:*:*:*",
"matchCriteriaId": "1ACABF55-DE3F-463A-A469-A76589C3AAB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label."
},
{
"lang": "es",
"value": "mDNSResponder de Bonjour Namespace Provider \r\nen Apple Bonjour para Windows versiones anteriores a la 1.0.5, permite a atacantes provocar una denegaci\u00f3n de servicio (puntero NULO sin referencia y ca\u00edda de aplicaci\u00f3n) resolviendo un nombre de dominio .local manipulado que contiene una etiqueta larga.\u00f1"
}
],
"id": "CVE-2008-2326",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-11T01:10:25.367",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31822"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT2990"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31091"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020845"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT2990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2025-04-09 00:30
Severity ?
Summary
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | bonjour | 1.0.4 | |
| microsoft | windows-nt | xp | |
| microsoft | windows_2000 | - | |
| microsoft | windows_2003_server | - | |
| microsoft | windows_vista | - | |
| microsoft | windows_xp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:bonjour:1.0.4:unknown:windows:*:*:*:*:*",
"matchCriteriaId": "1ACABF55-DE3F-463A-A469-A76589C3AAB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows-nt:xp:sp3:*:*:*:*:*:*",
"matchCriteriaId": "73AED29E-B778-4186-8968-EB608E34E540",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "685F1981-EA61-4A00-89F8-A748A88962F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA86830-BEA8-4943-83EA-C267FA534223",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447."
},
{
"lang": "es",
"value": "mDNSResponder en Apple Bonjour para Windows anterior a 1.0.5, cuando una aplicaci\u00f3n usa la API Bonjour para DNS unicast, no escoge valores aleatorios para las transacciones IDs u origen de puertos en las peticiones DNS, lo que facilita a atacantes remotos falsear las respuestas DNS. Vulnerabilidad distinta de CVE-2008-1447."
}
],
"id": "CVE-2008-3630",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-11T01:13:09.913",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31822"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT2990"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31093"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020844"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT2990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2524"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-2326 (GCVE-0-2008-2326)
Vulnerability from cvelistv5
Published
2008-09-10 16:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31822"
},
{
"name": "1020845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020845"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "31091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31091"
},
{
"name": "ADV-2008-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "apple-bonjour-mdnsresponder-dos(45005)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31822"
},
{
"name": "1020845",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020845"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "31091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31091"
},
{
"name": "ADV-2008-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "apple-bonjour-mdnsresponder-dos(45005)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for Windows before 1.0.5 allows attackers to cause a denial of service (NULL pointer dereference and application crash) by resolving a crafted .local domain name that contains a long label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31822"
},
{
"name": "1020845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020845"
},
{
"name": "http://support.apple.com/kb/HT2990",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "31091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31091"
},
{
"name": "ADV-2008-2524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "apple-bonjour-mdnsresponder-dos(45005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45005"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2326",
"datePublished": "2008-09-10T16:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3630 (GCVE-0-2008-3630)
Vulnerability from cvelistv5
Published
2008-09-10 16:00
Modified
2024-08-07 09:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "1020844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020844"
},
{
"name": "ADV-2008-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "31093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "1020844",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020844"
},
{
"name": "ADV-2008-2524",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "31093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31822"
},
{
"name": "http://support.apple.com/kb/HT2990",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT2990"
},
{
"name": "APPLE-SA-2009-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00002.html"
},
{
"name": "1020844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020844"
},
{
"name": "ADV-2008-2524",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2524"
},
{
"name": "31093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3630",
"datePublished": "2008-09-10T16:00:00",
"dateReserved": "2008-08-12T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0220 (GCVE-0-2011-0220)
Vulnerability from cvelistv5
Published
2020-02-05 19:46
Modified
2024-08-06 21:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Other
Summary
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:43:15.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bonjour",
"vendor": "Apple",
"versions": [
{
"status": "affected",
"version": "before 2011"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-05T19:46:24",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2011-0220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bonjour",
"version": {
"version_data": [
{
"version_value": "before 2011"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt",
"refsource": "MISC",
"url": "https://opensource.apple.com/source/mDNSResponder/mDNSResponder-541/mDNSPosix/ReadMe.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2011-0220",
"datePublished": "2020-02-05T19:46:24",
"dateReserved": "2010-12-23T00:00:00",
"dateUpdated": "2024-08-06T21:43:15.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}