CVE-2016-9444
Vulnerability Summary
Description
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
CVSS Metrics
- v3.0•HIGH•Score: 7.5•CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 5•AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 30.87% • Percentile: 97%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- alpine•bind
< 9.10.4_p5-r0
- debian•bind9
< 1:9.10.3.dfsg.P4-11
- isc•bind
9.0 | 9.0.0:rc1 | 9.0.0:rc2 | 9.0.0:rc3 | 9.0.0:rc4 | 9.0.0:rc5 | 9.0.0:rc6 | 9.0.1 | 9.0.1:rc1 | 9.0.1:rc2 | 9.1 | 9.1.0:rc1 | 9.1.1 | 9.1.1:rc1 | 9.1.1:rc2 | 9.1.1:rc3 | 9.1.1:rc4 | 9.1.1:rc5 | 9.1.1:rc6 | 9.1.1:rc7 | 9.1.2 | 9.1.2:rc1 | 9.1.3 | 9.1.3:rc1 | 9.1.3:rc2 | 9.1.3:rc3 | 9.2 | 9.2.0 | 9.2.0:a1 | 9.2.0:a2 | 9.2.0:a3 | 9.2.0:b1 | 9.2.0:b2 | 9.2.0:rc1 | 9.2.0:rc10 | 9.2.0:rc2 | 9.2.0:rc3 | 9.2.0:rc4 | 9.2.0:rc5 | 9.2.0:rc6 | 9.2.0:rc7 | 9.2.0:rc8 | 9.2.0:rc9 | 9.2.1 | 9.2.1:rc1 | 9.2.1:rc2 | 9.2.2 | 9.2.2:p2 | 9.2.2:p3 | 9.2.2:rc1 | 9.2.3 | 9.2.3:rc1 | 9.2.3:rc2 | 9.2.3:rc3 | 9.2.3:rc4 | 9.2.4 | 9.2.4:rc2 | 9.2.4:rc3 | 9.2.4:rc4 | 9.2.4:rc5 | 9.2.4:rc6 | 9.2.4:rc7 | 9.2.4:rc8 | 9.2.5 | 9.2.5:b2 | 9.2.5:rc1 | 9.2.6 | 9.2.6:rc1 | 9.2.7 | 9.2.7:rc1 | 9.2.7:rc2 | 9.2.7:rc3 | 9.2.8 | 9.2.9 | 9.2.9:rc1 | 9.3 | 9.3.0 | 9.3.0:b2 | 9.3.0:b3 | 9.3.0:b4 | 9.3.0:rc1 | 9.3.0:rc2 | 9.3.0:rc3 | 9.3.0:rc4 | 9.3.1 | 9.3.1:b2 | 9.3.1:rc1 | 9.3.2 | 9.3.2:rc1 | 9.3.3 | 9.3.3:rc1 | 9.3.3:rc2 | 9.3.3:rc3 | 9.3.4 | 9.3.5 | 9.3.5:p2_w1 | 9.3.5:rc1 | 9.3.5:rc2 | 9.3.6 | 9.3.6:rc1 | 9.4 | 9.4:b1 | 9.4:r1 | 9.4:r2 | 9.4:r3 | 9.4:r4 | 9.4:r4-p1 | 9.4:r5 | 9.4:r5-b1 | 9.4:r5-p1 | 9.4:r5-rc1 | 9.4.0 | 9.4.0:a1 | 9.4.0:a2 | 9.4.0:a3 | 9.4.0:a4 | 9.4.0:a5 | 9.4.0:a6 | 9.4.0:b1 | 9.4.0:b2 | 9.4.0:b3 | 9.4.0:b4 | 9.4.0:rc1 | 9.4.0:rc2 | 9.4.1 | 9.4.2 | 9.4.2:p2_w1 | 9.4.2:rc1 | 9.4.2:rc2 | 9.4.3 | 9.4.3:b1 | 9.4.3:b2 | 9.4.3:b3 | 9.4.3:p1 | 9.4.3:p2 | 9.4.3:p3 | 9.4.3:p4 | 9.4.3:p5 | 9.4.3:rc1 | 9.5 | 9.5.0 | 9.5.0:a1 | 9.5.0:a2 | 9.5.0:a3 | 9.5.0:a4 | 9.5.0:a5 | 9.5.0:a6 | 9.5.0:a7 | 9.5.0:b1 | 9.5.0:b2 | 9.5.0:b3 | 9.5.0:p1 | 9.5.0:p2 | 9.5.0:p2_w1 | 9.5.0:p2_w2 | 9.5.0:rc1 | 9.5.1 | 9.5.1:b1 | 9.5.1:b2 | 9.5.1:b3 | 9.5.1:rc1 | 9.5.1:rc2 | 9.5.2 | 9.5.2:b1 | 9.5.2:p1 | 9.5.2:p2 | 9.5.2:p3 | 9.5.2:p4 | 9.5.2:rc1 | 9.5.3:b1 | 9.5.3:rc1 | 9.6 | 9.6:r1 | 9.6:r2 | 9.6:r3 | 9.6:r4 | 9.6:r4_p1 | 9.6:r5 | 9.6:r5_b1 | 9.6:r5_p1 | 9.6:r6 | 9.6:r6_b1 | 9.6:r6_rc1 | 9.6:r6_rc2 | 9.6:r7 | 9.6:r7_p1 | 
9.6:r7_p2 | 9.6:r9 | 9.6:r9_p1 | 9.6.0 | 9.6.0:a1 | 9.6.0:b1 | 9.6.0:p1 | 9.6.0:rc1 | 9.6.0:rc2 | 9.6.1 | 9.6.1:b1 | 9.6.1:p1 | 9.6.1:p2 | 9.6.1:p3 | 9.6.1:rc1 | 9.6.2 | 9.6.2:b1 | 9.6.2:p1 | 9.6.2:p2 | 9.6.2:p3 | 9.6.2:rc1 | 9.6.3 | 9.6.3:b1 | 9.6.3:rc1 | 9.7.0 | 9.7.0:a1 | 9.7.0:a2 | 9.7.0:a3 | 9.7.0:b1 | 9.7.0:b2 | 9.7.0:b3 | 9.7.0:p1 | 9.7.0:p2 | 9.7.0:rc1 | 9.7.0:rc2 | 9.7.1 | 9.7.1:b1 | 9.7.1:p1 | 9.7.1:p2 | 9.7.1:rc1 | 9.7.2 | 9.7.2:p1 | 9.7.2:p2 | 9.7.2:p3 | 9.7.2:rc1 | 9.7.3 | 9.7.3:b1 | 9.7.3:p1 | 9.7.3:rc1 | 9.7.4 | 9.7.4:b1 | 9.7.4:p1 | 9.7.4:rc1 | 9.7.5 | 9.7.5:b1 | 9.7.5:rc1 | 9.7.5:rc2 | 9.7.6 | 9.7.6:p1 | 9.7.6:p2 | 9.7.6:p3 | 9.7.6:p4 | 9.7.7 | 9.8.0 | 9.8.0:a1 | 9.8.0:b1 | 9.8.0:p1 | 9.8.0:p2 | 9.8.0:p4 | 9.8.0:rc1 | 9.8.1 | 9.9.8:p2 | 9.9.8:p3 | 9.9.8:p4 | 9.9.8:rc1 | 9.9.8:s1 | 9.9.8:s2 | 9.9.8:s3 | 9.9.8:s4 | 9.9.8:s5 | 9.9.8:s6 | 9.9.9 | 9.9.9:b1 | 9.9.9:b2 | 9.9.9:p1 | 9.9.9:p3 | 9.9.9:p4 | 9.10.0 | 9.10.0:a1 | 9.10.0:a2 | 9.10.0:b1 | 9.10.0:b2 | 9.10.0:p1 | 9.10.0:p2 | 9.10.0:rc1 | 9.10.0:rc2 | 9.10.1 | 9.10.1:b1 | 9.10.1:b2 | 9.10.1:p1 | 9.10.1:p2 | 9.10.1:rc1 | 9.10.1:rc2 | 9.10.2:b1 | 9.10.2:p1 | 9.10.2:p2 | 9.10.2:p3 | 9.10.2:p4 | 9.10.2:rc1 | 9.10.2:rc2 | 9.10.3 | 9.10.3:b1 | 9.10.3:p1 | 9.10.3:p2 | 9.10.3:p3 | 9.10.3:p4 | 9.10.3:rc1 | 9.10.4:b2 | 9.10.4:b3 | 9.10.4:p2 | 9.10.4:p3 | 9.10.4:p4 | 9.10.4:rc1 | 9.11.0:a1 | 9.11.0:a2 | 9.11.0:a3 | 9.11.0:b1 | 9.11.0:b2 | 9.11.0:b3 | 9.11.0:p1 | 9.11.0:rc1
References (11)
- http://www.securityfocus.com/bid/95393
- http://www.securitytracker.com/id/1037582
- https://security.gentoo.org/glsa/201708-01
- https://kb.isc.org/article/AA-01441/74/CVE-2016-9444
- https://security.netapp.com/advisory/ntap-20180926-0005/
- http://www.debian.org/security/2017/dsa-3758
- https://access.redhat.com/errata/RHSA-2017:1583
- http://rhn.redhat.com/errata/RHSA-2017-0062.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05381687
- https://security.alpinelinux.org/vuln/CVE-2016-9444
- https://security-tracker.debian.org/tracker/CVE-2016-9444