7.8
CVE-2016-2776
- EPSS 89.48%
- Veröffentlicht 28.09.2016 10:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 89.48% | 0.998 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://kb.isc.org/article/AA-01438
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html
https://security.gentoo.org/glsa/201610-07
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107
https://kb.isc.org/article/AA-01435
https://kb.isc.org/article/AA-01436
http://rhn.redhat.com/errata/RHSA-2016-1944.html
http://rhn.redhat.com/errata/RHSA-2016-1945.html
http://rhn.redhat.com/errata/RHSA-2016-2099.html
http://www.securityfocus.com/bid/93188
http://www.securitytracker.com/id/1036903
https://kb.isc.org/article/AA-01419/0
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc
https://security.netapp.com/advisory/ntap-20160930-0001/
https://www.exploit-db.com/exploits/40453/