CVE-2016-9131Improper Input Validation in Bind

CWE-20Improper Input Validation12 documents9 sources
Severity
7.5HIGHNVD
EPSS
72.8%
top 1.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
ISC Bind9ISC BindDebian Linux+6 more
Timeline
PublishedJan 12
Latest updateMay 13

Description

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

Debianisc/bind9< 1:9.10.3.dfsg.P4-11+3
Ubuntuisc/bind9< 1:9.9.5.dfsg-3ubuntu0.11+1
NVDisc/bind9.09.9.8+4

Also affects: Debian Linux 8.0, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.0

Patches

Patch: h20566.www2.hpe.comPatch: kb.isc.orgPatch: h20566.www2.hpe.com

🔴Vulnerability Details

4
GHSA
GHSA-75r9-9rpr-7px8: named in ISC BIND 92022-05-13
OSV
CVE-2016-9131: named in ISC BIND 92017-01-12
OSV
bind9 vulnerabilities2017-01-12
CVEList
CVE-2016-9131: named in ISC BIND 92017-01-12

📋Vendor Advisories

3
Ubuntu
Bind vulnerabilities2017-01-12
Red Hat
bind: assertion failure while processing response to an ANY query2017-01-11
Debian
CVE-2016-9131: bind9 - named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x befor...2016

🕵️Threat Intelligence

1
Fortinet
Analysis of ISC BIND TKEY Query Response Handling DoS (CVE-2016-9131)2017-01-18

💬Community

3
Bugzilla
CVE-2016-9131 bind: assertion failure while processing response to an ANY query [fedora-all]2017-01-12
Bugzilla
CVE-2016-9131 bind99: bind: assertion failure while processing response to an ANY query [fedora-all]2017-01-12
Bugzilla
CVE-2016-9131 bind: assertion failure while processing response to an ANY query2017-01-09
CVE-2016-9131 — Improper Input Validation in ISC Bind | cvebase