CVE-2016-2775

Published Jul 19, 2016
Last updated a year ago
Overview

Description: ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
Source: cve@mitre.org
NVD status: Modified
Hype score: Not currently trending
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: CWE-20
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "493B9A51-FA5C-4E94-871F-83AE4ED9EA1D",
            "versionEndIncluding": "9.9.8",
            "versionStartIncluding": "9.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667502D2-746A-4FE6-8752-ED19ADA20981",
            "versionEndIncluding": "9.10.3",
            "versionStartIncluding": "9.10.0"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A2CF04B-BF26-43F9-8BF4-CEBB9BE3AE55"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B74D9C8B-886C-4D77-AD5F-393B8CAA732F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACDB1CD1-7A0C-4418-ADFF-EDE393FB2703"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "376915CA-6BDB-423E-B216-64B098344DD9"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC3883FE-39B5-4D0D-BB5B-0C6F032C9487"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21FBF6B7-BA47-46AC-B7EB-3A3A2E985BFD"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.9.9:s1rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAA63832-F627-4495-B135-C0BBC4B0CB1C"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "477AA5E9-2C6F-4CCC-B596-F3DF5AAB13C3"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF5FAB8-202C-4892-90C9-237292E840D6"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B059C6D-9CB3-48A8-8E9C-AD83000A422A"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F463911-2412-433F-87E9-AE9F22846A7C"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2D2132-62E8-4E73-A0BF-4790DAFC5558"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83538F7C-B8A7-4B8F-B0CB-E92400FF2456"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A6E457F-750E-445E-8655-72B0D0342F6F"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C2775BB-32E1-4407-8094-1F7FD86943F2"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A22E38E-0D40-40BA-8FFE-A499F12D041E"
          },
          {
            "criteria": "cpe:2.3:a:isc:bind:9.11.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F88EAF34-A2F3-4189-AD37-510A9E997F78"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1D81A1-CD24-4B17-8AFD-DC95E90AD7D0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "807C024A-F8E8-4B48-A349-4C68CD252CA1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6755B6AD-0422-467B-8115-34A60B1D1A40"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References
