Denial of Service Vulnerability in ISC BIND Lightweight Resolver
CVE-2016-2775

5.9MEDIUM

Key Information:

Vendor
HP
Status
HP-ux
Vendor
CVE Published:
19 July 2016

Summary

This vulnerability in ISC BIND occurs when lwresd or the named lwres option is activated. It enables remote attackers to exploit the lightweight resolver protocol, potentially causing the daemon to crash through long, crafted requests. Organizations using affected versions are urged to upgrade to patched releases to mitigate the risk of denial of service attacks.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://kb.isc.org/article/AA-01438
x_refsource_CONFIRM
https://access.redhat.com/errata/RHBA-2017:1767
vendor-advisoryx_refsource_REDHAT

EPSS Score

29% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.