CVE-2016-2775
bind: Too long query name causes segmentation fault in lwresd
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.
ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición larga que utiliza el protocolo ligero de resolución.
It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-26 CVE Reserved
- 2016-07-19 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/92037 | Third Party Advisory | |
http://www.securitytracker.com/id/1036360 | Third Party Advisory | |
https://kb.isc.org/article/AA-01435 | Broken Link | |
https://kb.isc.org/article/AA-01436 | Broken Link | |
https://kb.isc.org/article/AA-01438 | Broken Link | |
https://security.netapp.com/advisory/ntap-20160722-0002 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107 | 2023-11-07 | |
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775 | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Hp Search vendor "Hp" | Hp-ux Search vendor "Hp" for product "Hp-ux" | b.11.31 Search vendor "Hp" for product "Hp-ux" and version "b.11.31" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.0 <= 9.9.8 Search vendor "Isc" for product "Bind" and version " >= 9.0 <= 9.9.8" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | >= 9.10.0 <= 9.10.3 Search vendor "Isc" for product "Bind" and version " >= 9.10.0 <= 9.10.3" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | b1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | b2 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | p1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | rc1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | s1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.9.9 Search vendor "Isc" for product "Bind" and version "9.9.9" | s1rc1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | beta1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | beta2 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | beta3 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.10.4 Search vendor "Isc" for product "Bind" and version "9.10.4" | p1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | - |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | alpha1 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | alpha2 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | alpha3 |
Affected
| ||||||
Isc Search vendor "Isc" | Bind Search vendor "Isc" for product "Bind" | 9.11.0 Search vendor "Isc" for product "Bind" and version "9.11.0" | beta1 |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 23 Search vendor "Fedoraproject" for product "Fedora" and version "23" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 24 Search vendor "Fedoraproject" for product "Fedora" and version "24" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.4 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.5 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.3 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 7.7 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|