CVE-2008-3910

critical

Description

dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/44974

http://www.securityfocus.com/bid/31080

http://www.hsc.fr/ressources/outils/dns2tcp/index.html.en

Details

Source: Mitre, NVD

Published: 2008-09-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00988