CVE-2016-2848 — Improper Input Validation in Bind

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion8 documents8 sources

Severity

7.5HIGHNVD

EPSS

51.3%

top 2.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind

Timeline

PublishedOct 21

Latest updateMay 14

Description

ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debianisc/bind9< 1:9.9.3.dfsg.P2-1+3

▶NVDisc/bind55 versions+54

🔴Vulnerability Details

GHSA

GHSA-j4vg-xpv6-9x2m: ISC BIND 9↗2022-05-14

▶

OSV

CVE-2016-2848: ISC BIND 9↗2016-10-21

▶

CVEList

CVE-2016-2848: ISC BIND 9↗2016-10-21

▶

📋Vendor Advisories

Ubuntu

Bind vulnerability↗2016-10-21

▶

Red Hat

bind: assertion failure triggered by a packet with malformed options↗2016-10-20

▶

Debian

CVE-2016-2848: bind9 - ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attacke...↗2016

▶

💬Community

Bugzilla

CVE-2016-2848 bind: assertion failure triggered by a packet with malformed options↗2016-10-17

▶