Main Vulnerability Database Vulnerabilities #VU4350

#VU4350 Input validation error in ISC BIND - CVE-2016-9444

Published: January 12, 2017 / Updated: January 12, 2017

Vulnerability identifier: #VU4350

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2016-9444

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
ISC BIND

Software vendor:
ISC

Description

The vulnerability allows a remote attacker to cause denial of service conditions.

The vulnerability exists due to assertion failure when processing input data. A remote attacker can send a specially crafted DS resource record in an answer, trigger assertion failure and cause denial of service.

Successful exploitation of the vulnerability will result in DoS attack against vulnerable application.

Remediation

The vendor has issued the following versions to address this vulnerability: 9.9.9-P5, 9.10.4-P5, 9.11.0-P2 or 9.9.9-S7.

External links

https://kb.isc.org/article/AA-01441

#VU4350 Input validation error in ISC BIND - CVE-2016-9444

Description

Remediation

External links

Please verify you're human