CVE-2016-9147

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2017-0062.html
http://rhn.redhat.com/errata/RHSA-2017-0063.html
http://rhn.redhat.com/errata/RHSA-2017-0064.html
http://www.debian.org/security/2017/dsa-3758
http://www.securityfocus.com/bid/95390
http://www.securitytracker.com/id/1037582
https://access.redhat.com/errata/RHSA-2017:1582
https://access.redhat.com/errata/RHSA-2017:1583
https://kb.isc.org/article/AA-01440/74/CVE-2016-9147	Patch Vendor Advisory
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0005/
http://rhn.redhat.com/errata/RHSA-2017-0062.html
http://rhn.redhat.com/errata/RHSA-2017-0063.html
http://rhn.redhat.com/errata/RHSA-2017-0064.html
http://www.debian.org/security/2017/dsa-3758
http://www.securityfocus.com/bid/95390
http://www.securitytracker.com/id/1037582
https://access.redhat.com/errata/RHSA-2017:1582
https://access.redhat.com/errata/RHSA-2017:1583
https://kb.isc.org/article/AA-01440/74/CVE-2016-9147	Patch Vendor Advisory
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0005/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:isc:bind:9.9.9:p4::::::
	cpe:2.3:a:isc:bind:9.9.9:s6::::::
	cpe:2.3:a:isc:bind:9.10.4:p4::::::
	cpe:2.3:a:isc:bind:9.11.0:p1::::::

History

21 Nov 2024, 03:00

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0062.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0062.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0063.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0063.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2017-0064.html -~~	() http://rhn.redhat.com/errata/RHSA-2017-0064.html -
References	~~() http://www.debian.org/security/2017/dsa-3758 -~~	() http://www.debian.org/security/2017/dsa-3758 -
References	~~() http://www.securityfocus.com/bid/95390 -~~	() http://www.securityfocus.com/bid/95390 -
References	~~() http://www.securitytracker.com/id/1037582 -~~	() http://www.securitytracker.com/id/1037582 -
References	~~() https://access.redhat.com/errata/RHSA-2017:1582 -~~	() https://access.redhat.com/errata/RHSA-2017:1582 -
References	~~() https://access.redhat.com/errata/RHSA-2017:1583 -~~	() https://access.redhat.com/errata/RHSA-2017:1583 -
References	~~() https://kb.isc.org/article/AA-01440/74/CVE-2016-9147 - Patch, Vendor Advisory~~	() https://kb.isc.org/article/AA-01440/74/CVE-2016-9147 - Patch, Vendor Advisory
References	~~() https://security.gentoo.org/glsa/201708-01 -~~	() https://security.gentoo.org/glsa/201708-01 -
References	~~() https://security.netapp.com/advisory/ntap-20180926-0005/ -~~	() https://security.netapp.com/advisory/ntap-20180926-0005/ -

Information

Published : 2017-01-12 06:59

Updated : 2025-04-20 01:37

NVD link : CVE-2016-9147

Mitre link : CVE-2016-9147

CVE.ORG link : CVE-2016-9147

JSON object : View

Products Affected

isc

bind

CWE

CWE-20

Improper Input Validation

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-9147

7.5^/10

5.0^/10

Attach tags to `CVE-2016-9147`