CVE-2016-9444

critical-risk
Published 2017-01-12

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.

Do I need to act?

!
50.5% chance of exploitation in next 30 days
EPSS score — higher than 50% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Isc

References (18)

http://rhn.redhat.com/errata/RHSA-2017-0062.html
http://www.debian.org/security/2017/dsa-3758
http://www.securityfocus.com/bid/95393
http://www.securitytracker.com/id/1037582
https://access.redhat.com/errata/RHSA-2017:1583
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Patch https://kb.isc.org/article/AA-01441/74/CVE-2016-9444
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0005/
http://rhn.redhat.com/errata/RHSA-2017-0062.html
http://www.debian.org/security/2017/dsa-3758
http://www.securityfocus.com/bid/95393
http://www.securitytracker.com/id/1037582
https://access.redhat.com/errata/RHSA-2017:1583
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...
Patch https://kb.isc.org/article/AA-01441/74/CVE-2016-9444
https://security.gentoo.org/glsa/201708-01
https://security.netapp.com/advisory/ntap-20180926-0005/
77
/ 100
critical-risk
Severity 26/34 · High
Exploitability 18/34 · Moderate
Exposure 33/34 · Critical