6.5

CVE-2016-6170

Exploit

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

Data is provided by the National Vulnerability Database (NVD)
IscBind Version >= 9.0 <= 9.9.8
IscBind Version >= 9.10.0 <= 9.10.3
IscBind Version9.9.9 Update-
IscBind Version9.9.9 Updatebeta1
IscBind Version9.9.9 Updatebeta2
IscBind Version9.9.9 Updatep1
IscBind Version9.10.4 Update-
IscBind Version9.10.4 Updatep1
IscBind Version9.11.0 Updatea1
IscBind Version9.11.0 Updatea2
IscBind Version9.11.0 Updatea3
IscBind Version9.11.0 Updateb1
RedhatEnterprise Linux Version5.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.91% 0.826
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/91611
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036241
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1353563
Patch
Third Party Advisory
Issue Tracking