CVE-2016-6170 — Improper Input Validation in Bind

CWE-20 — Improper Input Validation11 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

13.0%

top 5.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ISC Bind9 ISC Bind Redhat Enterprise Linux

Timeline

PublishedJul 6

Latest updateNov 29

Description

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianisc/bind9< 1:9.10.6+dfsg-1+3

▶NVDisc/bind9.0 — 9.9.8+4

Also affects: Enterprise Linux 5.0, 6.0, 7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

OSV

bind9 vulnerabilities↗2022-11-29

▶

GHSA

GHSA-r98f-r8h7-rj5p: ISC BIND through 9↗2022-05-13

▶

CVEList

CVE-2016-6170: ISC BIND through 9↗2016-07-06

▶

OSV

CVE-2016-6170: ISC BIND through 9↗2016-07-06

▶

📋Vendor Advisories

Ubuntu

Bind vulnerabilities↗2022-11-29

▶

Red Hat

bind: Improper restriction of zone size limit↗2016-07-04

▶

Debian

CVE-2016-6170: bind9 - ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1...↗2016

▶

💬Community

Bugzilla

CVE-2016-6170 bind: Improper restriction of zone size limit↗2016-07-07

▶

Bugzilla

CVE-2016-6170 bind: Improper restriction of zone size limit [fedora-all]↗2016-07-07

▶

Bugzilla

CVE-2016-6170 bind99: bind: Improper restriction of zone size limit [fedora-all]↗2016-07-07

▶