CVE-2016-2775

CVE-2016-2775 is a denial-of-service in ISC BIND where, when lwresd or the lwres option is enabled, an overly long request using the lightweight resolver protocol can crash the daemon. Affected versions: BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2. Public advisor...

CVE-2016-2775

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or...

nginx: Insufficient limits of CNAME resolution in resolver

It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration...

nginx: invalid pointer dereference in resolver

It was discovered that nginx could perform an out of bound read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its...

The vulnerability of the Thunderbird email client, which allows a remote attacker to execute arbitrary code or trigger a service denial-of-service attack.

Mozilla Thunderbird’s software contains a vulnerability in the nsHostResolver::ConditionalRefreshRecord function. If exploited, an attacker can execute arbitrary code or cause service interruptions by manipulating server permissions...

The vulnerability of the Firefox ESR browser allows a malicious attacker to execute arbitrary code or trigger a service denial.

Mozilla Firefox ESR’s software contains a vulnerability in the nsHostResolver::ConditionalRefreshRecord function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by manipulating server permissions...

The vulnerability of the SeaMonkey software package allows a malicious attacker to execute arbitrary code or cause a service failure.

The SeaMonkey software contains a vulnerability in the nsHostResolver::ConditionalRefreshRecord function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service interruptions by manipulating server permissions...

DNS BIND server vulnerability, allowing attackers to cause service failures

The vulnerability in the resolver.c function of the BIND DNS server exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause a service failure—such as the appearance of an error message indicating “Assertion failure” or the termination o...

Nginx DNS Resolver Denial of Service (CVE-2016-0742)

A denial-of-service vulnerability exists in NGINX. The vulnerability is due to nginx dereferencing an invalid pointer while processing certain DNS packets. A remote, man-in-the-middle attacker could exploit this vulnerability by forging UDP packets as if from a trusted DNS server...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Debian Debian_Linux

PoC attack server for CVE-2015-7547 vulnerability in glibc DNS...

[SECURITY] Fedora 22 Update: bind-9.10.3-9.P4.fc22

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

FreeBSD : bind -- denial of service vulnerability (cba246d2-f483-11e5-92ce-002590263bf5)

ISC reports : A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

[SECURITY] Fedora 24 Update: bind-9.10.3-12.P4.fc24

BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...

Scientific Linux Security Update : tomcat6 on SL6.x i386/x86_64 (20160323)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 This update also fixes the following bug : - Previously, using a New I/O NIO connector i...

SA115 : Multiple nginx DNS resolver vulnerabilities

SUMMARY Blue Coat products that include affected versions of nginx and enable the nginx DNS resolver are susceptible to multiple vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to cause denial of service. In some cases, the attacker m...

Amazon Linux AMI : tomcat6 (ALAS-2016-656)

It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. CVE-2014-7810 It was found that Tomcat would keep connections open after processing requests with a...

Amazon Linux: Security Advisory (ALAS-2016-658)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2016-665)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux: Security Advisory (ALAS-2016-657)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Debian Debian_Linux

PoC attack server for CVE-2015-7547 vulnerability in glibc DNS...