CVE-2016-2088

MEDIUM

ISC Bind - Improper Input Validation

Title source: rule

Description

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

References (8)

Scores

CVSS v3 6.8
EPSS 0.4843
EPSS Percentile 97.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Classification

CWE
CWE-20
Status draft

Affected Products (29)

isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
isc/bind
... and 14 more

Timeline

Published Mar 09, 2016
Tracked Since Feb 18, 2026