CVE-2016-1286
critical-risk
Published 2016-03-09
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Do I need to act?
!
53.6% chance of exploitation in next 30 days
EPSS score — higher than 46% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10
High
NETWORK
/ LOW complexity
Affected Products (20)
References (58)
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00075.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00079.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00084.html
Issue Tracking
http://marc.info/?l=bugtraq&m=146191105921542&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0562.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0601.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3511
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.h...
and 38 more references
80
/ 100
critical-risk
Severity
29/34 · Critical
Exploitability
18/34 · Moderate
Exposure
33/34 · Critical