CVE-2016-9131

critical-risk
Published 2017-01-12

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

Do I need to act?

!
72.8% chance of exploitation in next 30 days
EPSS score — higher than 27% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Isc Netapp Debian Redhat

References (18)

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0062.html
Third Party Advisory http://www.debian.org/security/2017/dsa-3758
Third Party Advisory http://www.securityfocus.com/bid/95386
Third Party Advisory http://www.securitytracker.com/id/1037582
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1583
Patch https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Patch https://kb.isc.org/article/AA-01439/74/CVE-2016-9131
Third Party Advisory https://security.gentoo.org/glsa/201708-01
Third Party Advisory https://security.netapp.com/advisory/ntap-20180926-0005/
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0062.html
Third Party Advisory http://www.debian.org/security/2017/dsa-3758
Third Party Advisory http://www.securityfocus.com/bid/95386
Third Party Advisory http://www.securitytracker.com/id/1037582
Third Party Advisory https://access.redhat.com/errata/RHSA-2017:1583
Patch https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Patch https://kb.isc.org/article/AA-01439/74/CVE-2016-9131
Third Party Advisory https://security.gentoo.org/glsa/201708-01
Third Party Advisory https://security.netapp.com/advisory/ntap-20180926-0005/
70
/ 100
critical-risk
Severity 26/34 · High
Exploitability 19/34 · Moderate
Exposure 25/34 · High