CVE-2015-5477

EXPLOITED

ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-5477 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 11 public exploits from researchers including Errata Security, elceef, robertdavidgraham, including a Metasploit module auxiliary/dos/dns/bind_tkey.

AI-analyzed exploit summary This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9's TKEY handling. It sends a malformed TKEY packet to crash the server by triggering an assertion failure during record lookup.

Description

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

Exploits (11)

exploitdb WORKING POC VERIFIED
by Errata Security · cdosmultiple
https://www.exploit-db.com/exploits/37721

This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9's TKEY handling. It sends a malformed TKEY packet to crash the server by triggering an assertion failure during record lookup.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (versions prior to patched releases)
No auth needed
Prerequisites: Network access to vulnerable BIND9 server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by elceef · pythondosmultiple
https://www.exploit-db.com/exploits/37723

This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9's TKEY query handling. It sends a malformed DNS packet to trigger a crash in vulnerable BIND9 servers.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: ISC BIND 9
No auth needed
Prerequisites: Network access to the target's DNS port (53/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 65 stars
by robertdavidgraham · dos
https://github.com/robertdavidgraham/cve-2015-5477

This is a functional proof-of-concept exploit for CVE-2015-5477, a denial-of-service vulnerability in BIND9. It sends a malformed TKEY packet to trigger an assertion failure, crashing the server.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (versions prior to the patch for CVE-2015-5477)
No auth needed
Prerequisites: Network access to the target BIND9 server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 14 stars
by elceef · poc
https://github.com/elceef/tkeypoc

This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9 DNS servers by sending a malformed TKEY query via UDP. The payload triggers a crash in vulnerable BIND9 versions.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (versions affected by CVE-2015-5477)
No auth needed
Prerequisites: Network access to target DNS server (UDP port 53)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by ilanyu · poc
https://github.com/ilanyu/cve-2015-5477

This PoC exploits CVE-2015-5477, a DNS vulnerability in BIND, by sending malformed TKEY and version packets to trigger a denial-of-service (DoS) condition. The script uses TCP to send crafted packets and checks for responses.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND (versions affected by CVE-2015-5477)
No auth needed
Prerequisites: Network access to the target DNS server · Target DNS server running vulnerable BIND version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by knqyf263 · dos
https://github.com/knqyf263/cve-2015-5477

This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9 caused by a TKEY query assertion failure. The script sends a malformed DNS query with a TKEY record, triggering a crash in vulnerable BIND9 instances.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (versions affected by CVE-2015-5477)
No auth needed
Prerequisites: Network access to the target BIND9 server · BIND9 instance vulnerable to CVE-2015-5477
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by hmlio · poc
https://github.com/hmlio/vaas-cve-2015-5477

This repository provides a Docker container running a vulnerable version of BIND9 (Debian Wheezy) to demonstrate CVE-2015-5477, a TKEY query denial-of-service vulnerability. The PoC includes instructions to trigger the crash using an external exploit script.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (Debian Wheezy)
No auth needed
Prerequisites: Docker environment · Network access to the vulnerable BIND9 instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by xycloops123 · remote
https://github.com/xycloops123/TKEY-remote-DoS-vulnerability-exploit

This PoC exploits CVE-2015-5477, a DoS vulnerability in BIND9's TKEY query handling. It sends a malformed DNS packet to trigger a crash in vulnerable BIND9 servers.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND9 (versions affected by CVE-2015-5477)
No auth needed
Prerequisites: Network access to the target's DNS port (53/UDP)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB
by likekabin · poc
https://github.com/likekabin/ShareDoc_cve-2015-5477

The repository contains only a README.md file with minimal content, mentioning CVE-2015-5477 but providing no exploit code or technical details. It appears to be a placeholder or stub.

Classification
Stub 10%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
dos
https://gitlab.com/LinuxGun/cve-2015-5477

This repository contains a functional PoC exploit for CVE-2015-5477, a DoS vulnerability in BIND9 caused by a NULL pointer dereference in TKEY record processing. The exploit sends a crafted packet to trigger the crash and includes detailed technical analysis in the comments.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: BIND9 (versions prior to the patch)
No auth needed
Prerequisites: Network access to the target BIND9 server
devstral-2 · analyzed Feb 25, 2026 Full analysis →
metasploit WORKING POC
by Jonathan Foote, throwawayokejxqbbif, wvu · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/dns/bind_tkey.rb

This Metasploit module exploits CVE-2015-5477, a DoS vulnerability in BIND9 DNS servers by sending a malformed TKEY query, causing the server to crash with a REQUIRE assertion failure.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BIND 9.1.0 through 9.8.x, 9.9.0 through 9.9.7-P1, 9.10.0 through 9.10.2-P2
No auth needed
Prerequisites: Network access to the target DNS server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (42)

Core 42
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10783
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1513.html
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20160114-0001/
Various Sources x_refsource_confirm
https://kb.isc.org/article/AA-01438
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163015.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144017354030745&w=2
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144294073801304&w=2
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0079.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1514.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2693-1
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205032
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033100
Various Sources x_refsource_confirm
https://kb.isc.org/article/AA-01307
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76092
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37721/
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1515.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201510-01
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144181171013996&w=2
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3319
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163007.html
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144000632319155&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163006.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37723/
Various Sources x_refsource_confirm
https://kb.isc.org/article/AA-01305
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0078.html
Various Sources x_refsource_confirm
https://kb.isc.org/article/AA-01306
Patch, Vendor Advisory x_refsource_confirm
https://kb.isc.org/article/AA-01272

Scores

EPSS 0.9238
EPSS Percentile 99.7%

Details

VulnCheck KEV 2015-08-02
CWE
CWE-19
Status published
Products (2)
isc/bind < 9.10.2
isc/bind < 9.9.7
Published Jul 29, 2015
Tracked Since Feb 18, 2026