CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.3%
Severity: High
Date : 2016-11-01
CVE-ID : CVE-2016-8864
Package : bind
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package bind before version 9.11.0.P1-1 is vulnerable to denial of
service.
Upgrade to 9.11.0.P1-1.
The problem has been fixed upstream in version 9.11.0.P1.
None.
A defect in BINDโs handling of responses containing a DNAME answer can
cause a resolver to exit after encountering an assertion failure in
db.c or resolver.c
During processing of a recursive response that contains a DNAME record
in the answer section, BIND can stop execution after encountering an
assertion error in resolver.c (error message: โINSIST((valoptions &
0x0002U) != 0) failedโ) or db.c (error message: โREQUIRE(targetp !=
((void *)0) && *targetp == ((void *)0)) failedโ).
A server encountering either of these error conditions will stop,
resulting in denial of service to clients. The risk to authoritative
servers is minimal; recursive servers are chiefly at risk.
An attacker can send a crafted DNAME answer to crash the application.
https://kb.isc.org/article/AA-01434/0
https://ftp.isc.org/isc/bind9/9.11.0-P1/RELEASE-NOTES-bind-9.11.0-P1.html
https://access.redhat.com/security/cve/CVE-2016-8864
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.3%