CVE-2016-1285
published 2016-03-09CVE-2016-1285: named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote…
medium6.8CVSS 3.1
AVNACHPRNUINSCCNINAH
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | bind9 | < bind9 1:9.10.3.dfsg.P4-6 (bookworm) | bind9 1:9.10.3.dfsg.P4-6 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | >= 9.0.0 < 9.9.8 | 9.9.8 |
| isc | bind | >= 9.10.0 < 9.10.3 | 9.10.3 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-6 | 1:9.10.3.dfsg.P4-6 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-6 | 1:9.10.3.dfsg.P4-6 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-6 | 1:9.10.3.dfsg.P4-6 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-6 | 1:9.10.3.dfsg.P4-6 |
| isc | bind9 | >= 0 < 1:9.9.5.dfsg-3ubuntu0.8 | 1:9.9.5.dfsg-3ubuntu0.8 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
osv6.8MEDIUM