CVE-2016-9778Reachable Assertion in Bind 9

CWE-3886 documents6 sources
Severity
5.9MEDIUMNVD
CNA7.5
EPSS
5.4%
top 9.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ISC Bind 9ISC Bind
Timeline
PublishedJan 16
Latest updateMay 13

Description

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, w

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDisc/bind9.11.0, 9.9.8, 9.9.9+2
CVEListV5isc/bind_9BIND 9 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1

🔴Vulnerability Details

2
GHSA
GHSA-xf9m-fv8p-cjv5: An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it2022-05-13
CVEList
An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c2019-01-16

📋Vendor Advisories

2
Red Hat
bind: assertion failure while handling certain queries using the nxdomain-redirect feature2017-01-11
Debian
CVE-2016-9778: bind9 - An error in handling certain queries can cause an assertion failure when a serve...2016

💬Community

1
Bugzilla
CVE-2016-9778 bind: assertion failure while handling certain queries using the nxdomain-redirect feature2017-01-09
CVE-2016-9778 — Reachable Assertion in ISC Bind 9 | cvebase