Vulnerability Details : CVE-2015-5986
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2015-5986
- cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*
Threat overview for CVE-2015-5986
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2015-5986: 219,442
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2015-5986
95.81% (probability of exploitation activity in the next 30 days)
~ 99 % (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-5986
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST | |
CWE ids for CVE-2015-5986
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5986
- http://www.securitytracker.com/id/1033453
  BIND OpenPGP Key Processing Flaw Lets Remote Users Cause the Target DNS Service to Terminate - SecurityTracker
- https://kb.isc.org/article/AA-01306
- https://kb.isc.org/article/AA-01307
- https://security.netapp.com/advisory/ntap-20190730-0001/
  September 2015 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security
- https://kb.isc.org/article/AA-01438
- https://security.gentoo.org/glsa/201510-01
  BIND: Denial of Service (GLSA 201510-01) — Gentoo security
- http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html
  Apple - Lists.apple.com
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html
  [SECURITY] Fedora 23 Update: bind99-9.9.7-7.P3.fc23
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html
  [SECURITY] Fedora 22 Update: bind99-9.9.7-7.P3.fc22
- https://kb.isc.org/article/AA-01305
- https://support.apple.com/HT205376
  About the security content of OS X Server 5.0.15 - Apple Support
- https://kb.isc.org/article/AA-01291
  CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c - Affecting Only Obsolete Branches (Vendor Advisory)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10134
- http://www.securityfocus.com/bid/76618
  ISC BIND 'openpgpkey_61.c' Remote Denial of Service Vulnerability