7.5

CVE-2016-9147

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind Version9.9.9 Updatep4
IscBind Version9.9.9 Updates6
IscBind Version9.10.4 Updatep4
IscBind Version9.11.0 Updatep1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.6% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.netapp.com/advisory/ntap-20180926-0005/
https://access.redhat.com/errata/RHSA-2017:1583
http://rhn.redhat.com/errata/RHSA-2017-0062.html
http://www.debian.org/security/2017/dsa-3758
http://www.securitytracker.com/id/1037582
https://security.gentoo.org/glsa/201708-01
http://rhn.redhat.com/errata/RHSA-2017-0063.html
http://rhn.redhat.com/errata/RHSA-2017-0064.html
http://www.securityfocus.com/bid/95390
https://access.redhat.com/errata/RHSA-2017:1582
https://kb.isc.org/article/AA-01440/74/CVE-2016-9147
Patch
Vendor Advisory