Published: 20/01/2016 Updated: 30/10/2018

CVSS v2 Base Score: 6.6 | Impact Score: 8.5 | Exploitability Score: 4.9

CVSS v3 Base Score: 7 | Impact Score: 4.7 | Exploitability Score: 2.2

VMScore: 589

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:C

buffer.c in named in ISC BIND 9.10.x prior to 9.10.3-P3, when debug logging is enabled, allows remote malicious users to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

Vulnerable Product	Search on Vulmon	Subscribe to Product
isc bind 9.10.2
isc bind 9.6
isc bind 9.5.3
isc bind 9.5.2
isc bind 9.5.1
isc bind 9.4.3
isc bind 9.4
isc bind 9.3.3
isc bind 9.2.5
isc bind 9.2.4
isc bind 9.1.2
isc bind 9.1.1
isc bind 9.10.3
isc bind 9.5.0
isc bind 9.5
isc bind 9.4.1
isc bind 9.4.0
isc bind 9.3.0
isc bind 9.3
isc bind 9.2.1
isc bind 9.2.0
isc bind 9.0
isc bind 9.10.1
isc bind 9.4.2
isc bind 9.3.2
isc bind 9.3.1
isc bind 9.2.3
isc bind 9.2.2
isc bind 9.1
isc bind 9.0.1
isc bind 9.9.8
isc bind 9.2.7
isc bind 9.2.6
isc bind 9.2
isc bind 9.1.3

bufferc in named in ISC BIND 910x before 9103-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option ...

CWE-20 https://kb.isc.org/article/AA-01336 http://www.securitytracker.com/id/1034740 https://kb.isc.org/article/AA-01380 http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html http://www.securityfocus.com/bid/81314 http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html https://security.gentoo.org/glsa/201610-07 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-8705

CVE-2015-8705

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect