7041 matches found
squid: wrong error handling for malformed HTTP responses
It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
squid: some code paths fail to check bounds in string object
Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
squid: wrong error handling for malformed HTTP responses
It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
squid: some code paths fail to check bounds in string object
Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
squid: denial of service issue in HTTP response processing
An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response...
RHEL 5 / 6 : bind (RHSA-2016:2141)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2141 advisory. - bind: assertion failure while handling responses containing a DNAME answer CVE-2016-8864 Note that Nessus has not tested for this issue but has...
Debian DSA-3703-1 : bind9 - security update
Tony Finch and Marco Davids reported an assertion failure in BIND, a DNS server implementation, which causes the server process to terminate. This denial-of-service vulnerability is related to a defect in the processing of responses with DNAME records from authoritative servers and primarily...
SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2016:2697-1)
This update for bind fixes the following issues : - A defect in BIND's handling of responses containing a DNAME answer had the potential to trigger assertion errors in the server remotely, thereby facilitating a denial-of-service attack. CVE-2016-8864, bsc1007829. - Fix BIND to return a valid...
Design/Logic Flaw
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c...
DEBIAN-CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c...
bind: assertion failure while handling responses containing a DNAME answer
A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...
CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c...
bind97 security update
CentOS Errata and Security Advisory CESA-2016:2142 An update for bind97 is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
DLA-696-1 bind9 - security update
Bulletin has no description...
BIND -- Remote Denial of Service vulnerability
ISC reports: A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or resolver.c...
UBUNTU-CVE-2016-8864
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service assertion failure and daemon exit via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c...
DSA-3703-1 bind9 - security update
Bulletin has no description...
[ASA-201611-3] bind: denial of service
Arch Linux Security Advisory ASA-201611-3 ========================================= Severity: High Date : 2016-11-01 CVE-ID : CVE-2016-8864 Package : bind Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package bind before version...
F5 BIG-IP - BIND vulnerability CVE-2016-2848
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via malformed options data in an OPT resource record. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a...
CVE-2016-8883
The jpcdectiledecode function in jpcdec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service assertion failure via a crafted file...