Main Vulnerability Database Vulnerabilities #VU4349

#VU4349 Input validation error in ISC BIND - CVE-2016-9147

Published: January 12, 2017 / Updated: January 12, 2017

Vulnerability identifier: #VU4349

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9147

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to assertion failure when processing input data. A remote attacker can send a response containing an inconsistency among the DNSSEC-related RRsets, trigger assertion failure and cause denial of service.

Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.

Remediation

The vendor has issued the following versions to address this vulnerability: 9.9.9-P5, 9.10.4-P5, 9.11.0-P2 or 9.9.9-S7.

External links

https://kb.isc.org/article/AA-01440

#VU4349 Input validation error in ISC BIND - CVE-2016-9147

Description

Remediation

External links

Please verify you're human