CVE-2002-1220

BIND 8.3.x-8.3.3 - Denial of Service via OPT Resource Record with Large UDP Payload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1220. PoCs published by spybreak.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in ISC BIND 8.3.0 to 8.3.3 by sending a malformed DNS query with an OPT resource record containing a large UDP payload size. The exploit crafts a DNS query for a non-existent subdomain and sends it to the target BIND server, potentially causing it to crash.

Description

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Exploits (1)

exploitdb WORKING POC VERIFIED
by spybreak · cdoslinux
https://www.exploit-db.com/exploits/22011

This exploit targets a denial-of-service vulnerability in ISC BIND 8.3.0 to 8.3.3 by sending a malformed DNS query with an OPT resource record containing a large UDP payload size. The exploit crafts a DNS query for a non-existent subdomain and sends it to the target BIND server, potentially causing it to crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: ISC BIND 8.3.0 - 8.3.3-REL
No auth needed
Prerequisites: Network access to the target BIND server · A non-existent subdomain of an existing domain or a domain with unreachable authoritative name servers
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
US Government Resource third-party-advisory x_refsource_cert
http://www.cert.org/advisories/CA-2002-31.html
Patch, Vendor Advisory x_refsource_confirm
http://www.isc.org/products/BIND/bind-security.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-196
Third Party Advisory, VDB Entry vendor-advisory x_refsource_compaq
http://online.securityfocus.com/advisories/4999
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103763574715133&w=2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/229595
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10332
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6161
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://online.securityfocus.com/archive/1/300019
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=103713117612842&w=2
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/n-013.shtml
Patch, Vendor Advisory third-party-advisory x_refsource_iss
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Various Sources vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php

Scores

EPSS 0.0960
EPSS Percentile 94.9%

Details

Status published
Products (11)
freebsd/freebsd 4.4
freebsd/freebsd 4.5
freebsd/freebsd 4.6
freebsd/freebsd 4.7
isc/bind 8.3.0
isc/bind 8.3.1
isc/bind 8.3.2
isc/bind 8.3.3
openbsd/openbsd 3.0
openbsd/openbsd 3.1
... and 1 more
Published Nov 29, 2002
Tracked Since Feb 18, 2026