CVE-2016-6170
Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 06/07/2016
Last modified: 12/04/2025
Description
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
Impact
Base Score 3.x: 6.50
Severity 3.x: MEDIUM
Base Score 2.0: 4.00
Severity 2.0: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* | 9.0 (including) | 9.9.8 (including) |
cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* | 9.10.0 (including) | 9.10.3 (including) |
cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:* | | |
cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:* | | |
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* | | |
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | | |
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2016/07/06/3
- http://www.securityfocus.com/bid/91611
- http://www.securitytracker.com/id/1036241
- https://bugzilla.redhat.com/show_bug.cgi?id=1353563
- https://github.com/sischkg/xfer-limit/blob/master/README.md
- https://kb.isc.org/article/AA-01390
- https://kb.isc.org/article/AA-01390/169/CVE-2016-6170
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html
- https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html
- https://security.gentoo.org/glsa/201610-07