Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-2776

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion13 documents11 sources

Severity

7.5HIGH

EPSS

87.0%

top 0.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

ISC Bind HP Hp-ux Oracle Linux +2 more

Timeline

PublishedSep 28

Latest updateMay 13

Description

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶Debianbind9< 1:9.10.3.dfsg.P4-11+3

▶NVDisc/bind9.9.9+6

▶NVDhp/hp-ux11.31

▶NVDoracle/linux5.0, 6, 7+2

▶NVDoracle/solaris10.0, 11.3+1

🔴Vulnerability Details

GHSA

GHSA-jxr9-jr43-c424: buffer↗2022-05-13

▶

OSV

CVE-2016-2776: buffer↗2016-09-28

▶

CVEList

CVE-2016-2776: buffer↗2016-09-28

▶

VulnCheck

Oracle linux Improper Input Validation↗2016

▶

💥Exploits & PoCs

Exploit-DB

ISC BIND 9 - Denial of Service↗2016-10-04

▶

📋Vendor Advisories

BSD

FreeBSD-SA-16:28.bind: BIND remote Denial of Service vulnerability↗2016-10-10

▶

Ubuntu

Bind vulnerability↗2016-09-27

▶

Red Hat

bind: assertion failure in buffer.c while building responses to a specifically constructed request↗2016-09-27

▶

Debian

CVE-2016-2776: bind9 - buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9....↗2016

▶

💬Community

Bugzilla

CVE-2016-2776 bind: remote denial-of-service attack [fedora-all]↗2016-09-27

▶

Bugzilla

CVE-2016-2776 bind99: bind: remote denial-of-service attack [fedora-all]↗2016-09-27

▶

Bugzilla

CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request↗2016-09-22

▶