CVE-2016-2776

7.5HIGH

Key Information:

Vendor
Oracle
Status
Linux
Vendor
CVE Published:
28 September 2016

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 97%

Summary

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2016-2776
Created by infobyte

CVE-2016-2776
Created by KosukeShimofuji

References

http://www.securityfocus.com/bid/93188
vdb-entryx_refsource_BID
https://kb.isc.org/article/AA-01438
x_refsource_CONFIRM
https://kb.isc.org/article/AA-01419/0
x_refsource_CONFIRM

EPSS Score

97% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.