// For flags

CVE-2016-2775

bind: Too long query name causes segmentation fault in lwresd

Severity Score

5.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición larga que utiliza el protocolo ligero de resolución.

It was found that the lightweight resolver protocol implementation in BIND could enter an infinite recursion and crash when asked to resolve a query name which, when combined with a search list entry, exceeds the maximum allowable length. A remote attacker could use this flaw to crash lwresd or named when using the "lwres" statement in named.conf.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-02-26 CVE Reserved
  • 2016-07-19 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-09-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (18)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hp
Search vendor "Hp"
Hp-ux
Search vendor "Hp" for product "Hp-ux"
b.11.31
Search vendor "Hp" for product "Hp-ux" and version "b.11.31"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.0 <= 9.9.8
Search vendor "Isc" for product "Bind" and version " >= 9.0 <= 9.9.8"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
>= 9.10.0 <= 9.10.3
Search vendor "Isc" for product "Bind" and version " >= 9.10.0 <= 9.10.3"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
b1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
b2
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
p1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
rc1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
s1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.9.9
Search vendor "Isc" for product "Bind" and version "9.9.9"
s1rc1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.4
Search vendor "Isc" for product "Bind" and version "9.10.4"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.4
Search vendor "Isc" for product "Bind" and version "9.10.4"
beta1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.4
Search vendor "Isc" for product "Bind" and version "9.10.4"
beta2
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.4
Search vendor "Isc" for product "Bind" and version "9.10.4"
beta3
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.10.4
Search vendor "Isc" for product "Bind" and version "9.10.4"
p1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.0
Search vendor "Isc" for product "Bind" and version "9.11.0"
-
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.0
Search vendor "Isc" for product "Bind" and version "9.11.0"
alpha1
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.0
Search vendor "Isc" for product "Bind" and version "9.11.0"
alpha2
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.0
Search vendor "Isc" for product "Bind" and version "9.11.0"
alpha3
Affected
Isc
Search vendor "Isc"
Bind
Search vendor "Isc" for product "Bind"
9.11.0
Search vendor "Isc" for product "Bind" and version "9.11.0"
beta1
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
23
Search vendor "Fedoraproject" for product "Fedora" and version "23"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
24
Search vendor "Fedoraproject" for product "Fedora" and version "24"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.2
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.4
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.4"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.5
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.5"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
7.7
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
7.7
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.2
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.2"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.3
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.3"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.6
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.6"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
7.7
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "7.7"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected