CVE-2016-2088 — Improper Input Validation in Bind

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

48.4%

top 2.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind

Timeline

PublishedMar 9

Latest updateMay 17

Description

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.2 | Impact: 4.0

Affected Packages1 packages

▶NVDisc/bind4 versions+3

🔴Vulnerability Details

GHSA

GHSA-8f3h-84p6-655j: resolver↗2022-05-17

▶

CVEList

CVE-2016-2088: resolver↗2016-03-09

▶

📋Vendor Advisories

Red Hat

bind: malformed packet containing multiple cookie options can trigger assertion failure↗2016-03-09

▶

Debian

CVE-2016-2088: bind9 - resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are en...↗2016

▶

🕵️Threat Intelligence

Fortinet

Internet In Danger: Analysis of ISC Bind Patch (part 2)↗2016-04-01

▶

💬Community

Bugzilla

CVE-2016-1285 CVE-2016-1286 CVE-2016-2088 bind: various flaws [fedora-all]↗2016-03-10

▶

Bugzilla

CVE-2016-2088 bind: malformed packet containing multiple cookie options can trigger assertion failure↗2016-03-08

▶