CVE-2016-2776

Low

Low Medium High Critical

CVSS Score

Published: Sep 28, 2016

Last Modified: Apr 12, 2025

Vulnerability Description

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Known Affected Software

15 configuration(s) from 3 vendor(s)

hp-ux

Version:

11.31

CPE:

cpe:2.3:o:hp:hp-ux:11.31:*:*:*:*:*:*:*

bind

Version:

9.10.0

CPE:

cpe:2.3:a:isc:bind:9.10.0:-:*:*:*:*:*:*

bind

Version:

9.11.0

CPE:

cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*

bind

Version:

9.10.2

CPE:

cpe:2.3:a:isc:bind:9.10.2:-:*:*:*:*:*:*

bind

Version:

9.10.4

CPE:

cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*

bind

Version:

9.10.1

CPE:

cpe:2.3:a:isc:bind:9.10.1:-:*:*:*:*:*:*

bind

Version:

9.10.3

CPE:

cpe:2.3:a:isc:bind:9.10.3:-:*:*:*:*:*:*

vm_server

Version:

3.2

CPE:

cpe:2.3:a:oracle:vm_server:3.2:*:*:*:*:*:x86:*

solaris

Version:

11.3

CPE:

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

linux

Version:

5.0

CPE:

cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*

vm_server

Version:

3.3

CPE:

cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:7:8:*:*:*:*:*:*

vm_server

Version:

3.4

CPE:

cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*

solaris

Version:

10.0

CPE:

cpe:2.3:o:oracle:solaris:10.0:*:*:*:*:*:*:*

This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-20 Top 25 #14

Improper Input Validation

Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class