{"id":"CVE-2016-2088","details":"resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.","modified":"2026-04-16T01:42:27.199679098Z","published":"2016-03-09T23:59:04.493Z","related":["openSUSE-SU-2024:10467-1"],"references":[{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178831.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179904.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/84290"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035238"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01380"},{"type":"ADVISORY","url":"https://kb.isc.org/article/AA-01351"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-07"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"ed70f92dd054be3f0bb3939ea7f0749afaaca94a"},{"last_affected":"8058292627cf5827941471ebda7ab9765a5a3ded"},{"last_affected":"f5df4974b7b5081c4778d5796127b4d6584e834e"},{"last_affected":"a326778a0a471e3c36a9ed400ffba42a79c9a451"},{"last_affected":"fe66c6b1529a744c3f863119d5ddedb436275c2f"},{"last_affected":"cc152ad50f8255cd7b830026123d86040a1167e2"},{"last_affected":"bf3ebcb44cf23cfd73ce9947d03a075e86c09c56"},{"last_affected":"9c1a043383b6cd804d0b4f56aacce345248ec024"},{"last_affected":"90f5dc6f4505141f9e94d3bc704da0dd24612219"},{"last_affected":"fb3b6818adaa628147ea308b62070c97483caf65"},{"last_affected":"638a11d49e0a9763c1eda26795cab37de40c2788"},{"last_affected":"e5e8feeccdf11b17b478d43e9203fb7896edf347"},{"last_affected":"2754d37321d2b3c3506c2d70cbb276a6b1ed991b"},{"last_affected":"d0c7c4694d6bbf3ad452e6506897d13f0b25f7fa"},{"last_affected":"551bea57432caa68828c5c80722f790e6a658f7c"},{"last_affected":"2799933bc6790356d4b3eebdfe21dc0f87977f14"},{"last_affected":"b3e2361dba162951931821a1a01b02078c491603"},{"last_affected":"f9be8b2189e49a354210237e55054b9399f03c96"},{"last_affected":"bdaecad72d6e5e49998139da55c48e0125806758"},{"last_affected":"29904d05643601b44cd88110197411afb0a03230"}],"database_specific":{"cpe":["cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:a1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:a2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:b2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:p2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:rc1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.0:rc2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:b2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:p2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:rc1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.1:rc2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:p2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:p4:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:rc1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.2:rc2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:p2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:p3:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.3:rc1:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"9.10.0"},{"last_affected":"9.10.0-a1"},{"last_affected":"9.10.0-a2"},{"last_affected":"9.10.0-b1"},{"last_affected":"9.10.0-b2"},{"last_affected":"9.10.0-p1"},{"last_affected":"9.10.0-p2"},{"last_affected":"9.10.0-rc1"},{"last_affected":"9.10.0-rc2"},{"last_affected":"9.10.1"},{"last_affected":"9.10.1-b1"},{"last_affected":"9.10.1-b2"},{"last_affected":"9.10.1-p1"},{"last_affected":"9.10.1-p2"},{"last_affected":"9.10.1-rc1"},{"last_affected":"9.10.1-rc2"},{"last_affected":"9.10.2-b1"},{"last_affected":"9.10.2-p1"},{"last_affected":"9.10.2-p2"},{"last_affected":"9.10.2-p3"},{"last_affected":"9.10.2-p4"},{"last_affected":"9.10.2-rc1"},{"last_affected":"9.10.2-rc2"},{"last_affected":"9.10.3"},{"last_affected":"9.10.3-b1"},{"last_affected":"9.10.3-p1"},{"last_affected":"9.10.3-p2"},{"last_affected":"9.10.3-p3"},{"last_affected":"9.10.3-rc1"}]}}],"versions":["v9.10.0","v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.10.0rc2","v9.10.1","v9.10.1b1","v9.10.1b2","v9.10.1rc1","v9.10.1rc2","v9.10.2","v9.10.2-P1","v9.10.2-P2","v9.10.2-P3","v9.10.2-P4","v9.10.2b1","v9.10.2rc1","v9.10.2rc2","v9.10.3","v9.10.3-P2","v9.10.3-P3","v9.10.3b1","v9.10.3rc1","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2088.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H"}]}