Vulnerability Details : CVE-2016-9147
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-9147
- cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*
Threat overview for CVE-2016-9147
Top open port discovered on systems with this issue: 53
IPs affected by CVE-2016-9147: 205
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-9147
EPSS score: 52.54% (probability of exploitation activity in the next 30 days)
Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-9147
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-9147
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9147
- http://www.securitytracker.com/id/1037582
  BIND Multiple Flaws Let Remote Users Cause the Target named Service to Stop Processing - SecurityTracker
- https://kb.isc.org/article/AA-01440/74/CVE-2016-9147
  CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure - Security Advisories (Patch; Vendor Advisory)
- http://www.debian.org/security/2017/dsa-3758
  Debian -- Security Information -- DSA-3758-1 bind9
- https://access.redhat.com/errata/RHSA-2017:1583
  RHSA-2017:1583 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2017:1582
  RHSA-2017:1582 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201708-01
  BIND: Multiple vulnerabilities (GLSA 201708-01) — Gentoo security
- http://www.securityfocus.com/bid/95390
  ISC BIND CVE-2016-9147 Remote Denial of Service Vulnerability
- http://rhn.redhat.com/errata/RHSA-2017-0062.html
  RHSA-2017:0062 - Security Advisory - Red Hat Customer Portal
- https://security.netapp.com/advisory/ntap-20180926-0005/
  February 2018 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security
- http://rhn.redhat.com/errata/RHSA-2017-0064.html
  RHSA-2017:0064 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2017-0063.html
  RHSA-2017:0063 - Security Advisory - Red Hat Customer Portal