Unrated severityNVD Advisory· Published Aug 7, 2012· Updated Apr 29, 2026
CVE-2012-3429
CVE-2012-3429
Description
The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a "$" character in a DN in a DNS query.
Affected products
10cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:a1:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.1.0:b:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:b1:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a1:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:a2:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b1:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:1.1.0:b2:*:*:*:*:*:*
- cpe:2.3:a:martin_nagy:bind-dyndb-ldap:*:rc1:*:*:*:*:*:*range: <=1.1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- www.securitytracker.com/idnvdPatch
- git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/nvdExploitPatch
- secunia.com/advisories/50086nvdVendor Advisory
- secunia.com/advisories/50159nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-1139.htmlnvd
- www.openwall.com/lists/oss-security/2012/08/02/5nvd
- www.securityfocus.com/bid/54787nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/77391nvd
News mentions
0No linked articles in our index yet.