CVE-2002-0140

dnrd 2.10 and earlier - Denial of Service and Possible Remote Code Execution via Malformed DNS Reply

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0140. PoCs published by Andrew Griffiths.

AI-analyzed exploit summary This exploit leverages a lack of bounds checking in dnrd's DNS request/reply functions to trigger a denial of service via a malformed UDP packet. The PoC generates random data and sends it to the target's DNS port (53/UDP), causing the service to crash.

Description

Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicious DNS sites to cause a denial of service and possibly execute arbitrary code via a long or malformed DNS reply, which is not handled properly by parse_query, get_objectname, and possibly other functions.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Andrew Griffiths · textdosunix
https://www.exploit-db.com/exploits/21236

This exploit leverages a lack of bounds checking in dnrd's DNS request/reply functions to trigger a denial of service via a malformed UDP packet. The PoC generates random data and sends it to the target's DNS port (53/UDP), causing the service to crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: dnrd (Domain Name Relay Daemon)
No auth needed
Prerequisites: Network access to the target's DNS port (53/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/7957.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3928
Vendor Advisory mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/251619

Scores

EPSS 0.0353
EPSS Percentile 87.7%

Details

Status published
Products (16)
dnrd/dnrd 1.0
dnrd/dnrd 1.1
dnrd/dnrd 1.2
dnrd/dnrd 1.3
dnrd/dnrd 1.4
dnrd/dnrd 2.0
dnrd/dnrd 2.1
dnrd/dnrd 2.2
dnrd/dnrd 2.3
dnrd/dnrd 2.4
... and 6 more
Published Mar 25, 2002
Tracked Since Feb 18, 2026