CVE-2016-2776
published 2016-09-28CVE-2016-2776: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | bind9 | < bind9 1:9.10.3.dfsg.P4-11 (bookworm) | bind9 1:9.10.3.dfsg.P4-11 (bookworm) |
| hp | hp-ux | — | — |
| isc | bind | <= 9.9.9 | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind | — | — |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-11 | 1:9.10.3.dfsg.P4-11 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-11 | 1:9.10.3.dfsg.P4-11 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-11 | 1:9.10.3.dfsg.P4-11 |
| isc | bind9 | >= 0 < 1:9.10.3.dfsg.P4-11 | 1:9.10.3.dfsg.P4-11 |
| oracle | linux | — | — |
| oracle | linux | — | — |
| oracle | linux | — | — |
| oracle | solaris | — | — |
| oracle | solaris | — | — |
| oracle | vm_server | — | — |
| oracle | vm_server | — | — |
| oracle | vm_server | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vulncheck7.5HIGH