CVE-2002-0684
CVE-2002-0684 is a high-severity vulnerability in Gnu Glibc with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 6% (92nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Gnu Glibc
- Published:
- Last modified:
Description
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
Frequently asked questions
- What is CVE-2002-0684?
- Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
- How severe is CVE-2002-0684?
- CVE-2002-0684 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2002-0684 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 6% (92nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2002-0684?
- CVE-2002-0684 primarily affects Gnu Glibc. In total, 2 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2002-0684?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2002-0684 published?
- CVE-2002-0684 was published on 2002-08-12 and last updated on 2026-06-16.
References
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
- http://marc.info/?l=bugtraq&m=102581482511612&w=2
- http://rhn.redhat.com/errata/RHSA-2002-139.html
- http://www.kb.cert.org/vuls/id/542971
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-050.php
Affected products (2)
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:4.9.8:*:*:*:*:*:*:*
More vulnerabilities in Gnu Glibc
- CVE-2015-0235 — Critical (CVSS 10.0): Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18,…
- CVE-2026-5450 — Critical (CVSS 9.8): Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version…
- CVE-2023-25139 — Critical (CVSS 9.8): sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct…
- CVE-2022-23219 — Critical (CVSS 9.8): The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34…
- CVE-2022-23218 — Critical (CVSS 9.8): The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34…
- CVE-2021-33574 — Critical (CVSS 9.8): The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the…