named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
Published 2016-03-09 23:59:03
Updated 2023-11-30 17:08:49
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Denial of service

Threat overview for CVE-2016-1286

Top countries where our scanners detected CVE-2016-1286
Top open port discovered on systems with this issue 53
IPs affected by CVE-2016-1286 283,662
Threat actors abusing to this issue? Yes
Find out if you* are affected by CVE-2016-1286!
*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-1286

73.33%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1286

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
5.0
MEDIUM AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
NIST
8.6
HIGH CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
3.9
4.0
NIST
8.6
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
3.9
4.0
NIST

References for CVE-2016-1286

Products affected by CVE-2016-1286