Lucene search

[email protected]NVD:CVE-2016-2776

HistorySep 28, 2016 - 10:59 a.m.

CVE-2016-2776

2016-09-2810:59:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.972

Percentile

99.9%

JSON

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Affected configurations

Nvd

Node

oraclelinuxMatch5.0

oraclelinuxMatch6

oraclelinuxMatch7

Node

oraclevm_serverMatch3.2

oraclevm_serverMatch3.3

oraclevm_serverMatch3.4

Node

iscbindRange≤9.9.9p3

iscbindMatch9.10.0

iscbindMatch9.10.0a1

iscbindMatch9.10.0a2

iscbindMatch9.10.0b1

iscbindMatch9.10.0b2

iscbindMatch9.10.0p1

iscbindMatch9.10.0p2

iscbindMatch9.10.0rc1

iscbindMatch9.10.0rc2

iscbindMatch9.10.1

iscbindMatch9.10.1b1

iscbindMatch9.10.1b2

iscbindMatch9.10.1p1

iscbindMatch9.10.1p2

iscbindMatch9.10.1rc1

iscbindMatch9.10.1rc2

iscbindMatch9.10.2b1

iscbindMatch9.10.2p1

iscbindMatch9.10.2p2

iscbindMatch9.10.2p3

iscbindMatch9.10.2p4

iscbindMatch9.10.2rc1

iscbindMatch9.10.2rc2

iscbindMatch9.10.3

iscbindMatch9.10.3b1

iscbindMatch9.10.3p1

iscbindMatch9.10.3p2

iscbindMatch9.10.3p3

iscbindMatch9.10.3p4

iscbindMatch9.10.3rc1

iscbindMatch9.10.4p2

iscbindMatch9.10.4p3

iscbindMatch9.11.0a1

iscbindMatch9.11.0a2

iscbindMatch9.11.0a3

iscbindMatch9.11.0b1

iscbindMatch9.11.0b2

iscbindMatch9.11.0b3

iscbindMatch9.11.0rc1

Node

hphp-uxMatch11.31

Node

oraclesolarisMatch10.0

oraclesolarisMatch11.3

References

rhn.redhat.com/errata/RHSA-2016-1944.html

rhn.redhat.com/errata/RHSA-2016-1945.html

rhn.redhat.com/errata/RHSA-2016-2099.html

www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/93188

www.securitytracker.com/id/1036903

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107

kb.isc.org/article/AA-01419/0

kb.isc.org/article/AA-01435

kb.isc.org/article/AA-01436

kb.isc.org/article/AA-01438

security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc

security.gentoo.org/glsa/201610-07

security.netapp.com/advisory/ntap-20160930-0001/

www.exploit-db.com/exploits/40453/

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.972

Percentile

99.9%

JSON

CVE-2016-2776

Affected configurations

References

Related