Lucene search

MitreCVE-2016-2775

HistoryJul 19, 2016 - 10:59 p.m.

CVE-2016-2775

2016-07-1922:59:00

CWE-20

mitre

web.nvd.nist.gov

409

cve-2016-2775

isc bind

denial of service

daemon crash

lightweight resolver protocol

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0.913

Percentile

99.0%

JSON

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

Affected configurations

Nvd

Node

hphp-uxMatchb.11.31

Node

iscbindRange9.0–9.9.8

iscbindRange9.10.0–9.10.3

iscbindMatch9.9.9-

iscbindMatch9.9.9b1

iscbindMatch9.9.9b2

iscbindMatch9.9.9p1

iscbindMatch9.9.9rc1

iscbindMatch9.9.9s1

iscbindMatch9.9.9s1rc1

iscbindMatch9.10.4-

iscbindMatch9.10.4beta1

iscbindMatch9.10.4beta2

iscbindMatch9.10.4beta3

iscbindMatch9.10.4p1

iscbindMatch9.11.0-

iscbindMatch9.11.0alpha1

iscbindMatch9.11.0alpha2

iscbindMatch9.11.0alpha3

iscbindMatch9.11.0beta1

Node

fedoraprojectfedoraMatch23

fedoraprojectfedoraMatch24

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch7.2

redhatenterprise_linux_eusMatch7.3

redhatenterprise_linux_eusMatch7.4

redhatenterprise_linux_eusMatch7.5

redhatenterprise_linux_eusMatch7.6

redhatenterprise_linux_eusMatch7.7

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
hphp-uxb.11.31cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
iscbind*cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:rc1:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*
iscbind9.9.9cpe:2.3:a:isc:bind:9.9.9:s1rc1:*:*:*:*:*:*
iscbind9.10.4cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	hp-ux	b.11.31	cpe:2.3:o:hp:hp-ux:b.11.31:::::::*
isc	bind	*	cpe:2.3:a:isc:bind::::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:-::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:b1::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:b2::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:p1::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:rc1::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:s1::::::
isc	bind	9.9.9	cpe:2.3:a:isc:bind:9.9.9:s1rc1::::::
isc	bind	9.10.4	cpe:2.3:a:isc:bind:9.10.4:-::::::