5.9

CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HpHp-ux Versionb.11.31
IscBind Version >= 9.0 <= 9.9.8
IscBind Version >= 9.10.0 <= 9.10.3
IscBind Version9.9.9 Update-
IscBind Version9.9.9 Updateb1
IscBind Version9.9.9 Updateb2
IscBind Version9.9.9 Updatep1
IscBind Version9.9.9 Updaterc1
IscBind Version9.9.9 Updates1
IscBind Version9.9.9 Updates1rc1
IscBind Version9.10.4 Update-
IscBind Version9.10.4 Updatebeta1
IscBind Version9.10.4 Updatebeta2
IscBind Version9.10.4 Updatebeta3
IscBind Version9.10.4 Updatep1
IscBind Version9.11.0 Update-
IscBind Version9.11.0 Updatealpha1
IscBind Version9.11.0 Updatealpha2
IscBind Version9.11.0 Updatealpha3
IscBind Version9.11.0 Updatebeta1
FedoraprojectFedora Version23
FedoraprojectFedora Version24
RedhatEnterprise Linux Eus Version7.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.35% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://kb.isc.org/article/AA-01438
Broken Link
https://security.gentoo.org/glsa/201610-07
Third Party Advisory
http://www.securityfocus.com/bid/92037
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036360
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHBA-2017:0651
Third Party Advisory
https://access.redhat.com/errata/RHBA-2017:1767
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2533
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107
Patch
Vendor Advisory
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
Patch
Vendor Advisory
https://kb.isc.org/article/AA-01435
Broken Link
https://kb.isc.org/article/AA-01436
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/
https://security.netapp.com/advisory/ntap-20160722-0002/
Third Party Advisory