Main Vulnerability Database Vulnerabilities #VU4347

#VU4347 Input validation error in ISC BIND - CVE-2016-9131

Published: January 12, 2017 / Updated: January 12, 2017

Vulnerability identifier: #VU4347

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9131

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to assertion failure when processing DNS responses. A remote attacker can send a malformed response to an RTYPE ANY query, trigger assertion failure and cause denial of service.

Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.

Remediation

The vendor has issued the following versions to address this vulnerability: 9.9.9-P5, 9.10.4-P5, 9.11.0-P2 or 9.9.9-S7.

External links

https://kb.isc.org/article/AA-01439

#VU4347 Input validation error in ISC BIND - CVE-2016-9131

Description

Remediation

External links

Please verify you're human