CVE-2016-2775

5.9MEDIUM

Key Information:

Vendor: HP
Status: HP-ux
Vendor: CVE Published:; 19 July 2016

Summary

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

References

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://kb.isc.org/article/AA-01438

x_refsource_CONFIRM

https://access.redhat.com/errata/RHBA-2017:1767

vendor-advisoryx_refsource_REDHAT

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 19, 2016
Vulnerability Reserved
Feb 26, 2016

.