CVE-2016-2775

CWE-20 — Improper Input Validation12 documents9 sources

Severity

5.9MEDIUM

EPSS

43.3%

top 2.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind Fedoraproject Fedora HP Hp-ux +6 more

Timeline

PublishedJul 19

Latest updateNov 29

Description

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages7 packages

▶Debianbind9< 1:9.10.3.dfsg.P4-11+3

▶Ubuntubind9< 1:9.9.5.dfsg-3ubuntu0.19+esm9+1

▶NVDisc/bind9.0 — 9.9.8+4

▶NVDhp/hp-uxb.11.31

▶NVDredhat/enterprise_linux_server6.0, 7.0+1

Also affects: Fedora 23, 24, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: h20566.www2.hpe.com ↗Patch: kb.isc.org ↗Patch: h20566.www2.hpe.com ↗

🔴Vulnerability Details

OSV

bind9 vulnerabilities↗2022-11-29

▶

GHSA

GHSA-c3hx-3ppq-fr4p: ISC BIND 9↗2022-05-13

▶

OSV

CVE-2016-2775: ISC BIND 9↗2016-07-19

▶

CVEList

CVE-2016-2775: ISC BIND 9↗2016-07-19

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2022-11-29

▶

Red Hat

bind: Too long query name causes segmentation fault in lwresd↗2016-07-18

▶

Debian

CVE-2016-2775: bind9 - ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b...↗2016

▶

💬Community

Bugzilla

CVE-2016-2775 bind: Too long query name causes segmentation fault in lwresd↗2016-07-19

▶

Bugzilla

CVE-2016-2775 bind99: bind: Too long query name causes segmentation fault in lwresd [fedora-all]↗2016-07-19

▶

Bugzilla

CVE-2016-2775 bind: Too long query name causes segmentation fault in lwresd [fedora-all]↗2016-07-19

▶