CVE-2016-8864 — Reachable Assertion in Bind
Severity
7.5HIGHNVD
EPSS
45.4%
top 2.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 2
Latest updateMay 13
Description
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 8.0, Enterprise Linux 6.7, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 6.2, 6.4, 6.5, 6.6
🔴Vulnerability Details
3📋Vendor Advisories
4Debian▶
CVE-2016-8864: bind9 - named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x befor...↗2016
🕵️Threat Intelligence
1💬Community
4Bugzilla▶
CVE-2016-8864 bind99: bind: assertion failure while handling responses containing a DNAME answer [fedora-all]↗2016-11-03
Bugzilla▶
CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer [fedora-all]↗2016-11-03
Bugzilla
▶
Bugzilla▶
CVE-2015-2181 CVE-2015-8864 CVE-2016-4068 CVE-2016-4069 roundcubemail: security issues fixed in version 1.0.9↗2016-04-25