CVE-2016-2776
CVE-2016-2776 is a vulnerability of currently unknown severity. In ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3, buffer.c in named does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. EPSS estimates an 89.48% chance of exploitation in the next 30 days.
Description
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Oracle | Linux | 5.0 | — |
| Oracle | Linux | 6 | — |
| Oracle | Linux | 7 | — |
| Oracle | VM Server | 3.2 | — |
| Oracle | VM Server | 3.3 | — |
| Oracle | VM Server | 3.4 | — |
| ISC | BIND | <= 9.9.9 | P3 |
| ISC | BIND | 9.10.0 | — |
| ISC | BIND | 9.10.1 | — |
| ISC | BIND | 9.10.2 | B1 |
| ISC | BIND | 9.10.3 | — |
| ISC | BIND | 9.10.4 | P2 |
| ISC | BIND | 9.11.0 | A1 |
| HP | HP-UX | 11.31 | — |
| Oracle | Solaris | 10.0 | — |
| Oracle | Solaris | 11.3 | — |
References
- http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html (Third Party Advisory)
- https://kb.isc.org/article/AA-01419/0 (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
