{"id":"CVE-2016-2775","details":"ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.","modified":"2026-05-28T04:03:14.624617829Z","published":"2016-07-19T22:59:00.147Z","related":["SUSE-SU-2017:0998-1","SUSE-SU-2017:0999-1","SUSE-SU-2017:1000-1","openSUSE-SU-2024:10650-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"23"},{"last_affected":"24"}],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"b.11.31"}],"vendor_product":"hp:hp-ux"},{"source":"CPE_STRING","cpes":["cpe:2.3:a:isc:bind:9.10.4:beta1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:beta2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:beta3:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:alpha1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:alpha2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:alpha3:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:beta1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:s1rc1:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.9.9-s1rc1"},{"last_affected":"9.9.9-s1rc1"},{"last_affected":"9.10.4-beta1"},{"last_affected":"9.10.4-beta1"},{"last_affected":"9.10.4-beta2"},{"last_affected":"9.10.4-beta2"},{"last_affected":"9.10.4-beta3"},{"last_affected":"9.10.4-beta3"},{"last_affected":"9.11.0-alpha1"},{"last_affected":"9.11.0-alpha1"},{"last_affected":"9.11.0-alpha2"},{"last_affected":"9.11.0-alpha2"},{"last_affected":"9.11.0-alpha3"},{"last_affected":"9.11.0-alpha3"},{"last_affected":"9.11.0-beta1"},{"last_affected":"9.11.0-beta1"}],"vendor_product":"isc:bind"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}],"vendor_product":"redhat:enterprise_linux_desktop"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.2"},{"last_affected":"7.3"},{"last_affected":"7.4"},{"last_affected":"7.5"},{"last_affected":"7.6"},{"last_affected":"7.7"}],"vendor_product":"redhat:enterprise_linux_eus"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}],"vendor_product":"redhat:enterprise_linux_server"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.2"},{"last_affected":"7.3"},{"last_affected":"7.6"},{"last_affected":"7.7"}],"vendor_product":"redhat:enterprise_linux_server_aus"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.2"},{"last_affected":"7.3"},{"last_affected":"7.6"},{"last_affected":"7.7"}],"vendor_product":"redhat:enterprise_linux_server_tus"},{"source":"CPE_STRING","cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"}],"vendor_product":"redhat:enterprise_linux_workstation"}]},"references":[{"type":"WEB","url":"https://kb.isc.org/article/AA-01435"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01436"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01438"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7T2WJP5ELO4ZRSBXSETIZ3GAO6KOEFTA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZUCSMEOZIZ2R2SKA4FPLTOVZHJBAOWC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/92037"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036360"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2017:0651"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHBA-2017:1767"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2533"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-07"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20160722-0002/"},{"type":"FIX","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"},{"type":"FIX","url":"https://kb.isc.org/article/AA-01393/74/CVE-2016-2775"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"2d6d4babba5b5d2237bd37c0e4c3c993b7efd255"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"2799933bc6790356d4b3eebdfe21dc0f87977f14"},{"introduced":"0"},{"last_affected":"b7843f9794be456c53d7dc0b51ead89f2c5d3351"},{"last_affected":"9833cd85a811d3a4313948f324d3906937633e65"},{"last_affected":"d6d860e96ed5b20c1a77d5d19a29194174a1e5a0"},{"last_affected":"dc7668b4498add94cb471f1877fe95a842de39ce"},{"last_affected":"a5e4938f2d3c9d89b3fda65bc2fe6755ecfeea72"},{"last_affected":"632f9848811641da54fbb78c38e91a263b03d85a"},{"last_affected":"1477c19dd9a347ee19a42dac227f299a4680506f"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"extracted_events":[{"introduced":"9.0"},{"last_affected":"9.9.8"},{"introduced":"9.10.0"},{"last_affected":"9.10.3"},{"introduced":"0"},{"last_affected":"9.9.9-NA"},{"last_affected":"9.9.9-b1"},{"last_affected":"9.9.9-b2"},{"last_affected":"9.9.9-p1"},{"last_affected":"9.9.9-rc1"},{"last_affected":"9.9.9-s1"},{"last_affected":"9.10.4-NA"},{"last_affected":"9.10.4-p1"},{"last_affected":"9.11.0-NA"}],"cpe":["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:rc1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*"]}}],"versions":["v9.11.0","v9.11.0rc3","v9.11.0rc2","v9.11.0rc1","v9.11.0b3","v9.11.0b2","v9.11.0b1","v9.11.0a3","v9.11.0a2","v9.9.9","v9.10.4","v9.9.9rc1","v9.10.4rc1","v9.9.9b2","v9.10.4b3","v9.11.0a1","v9.10.4b2","v9.9.9b1","v9.10.4b1","v9.9.8","v9.10.3","v9.9.8rc1","v9.10.3rc1","v9.9.8b1","v9.10.3b1","v9.9.7","v9.10.2","v9.9.7rc2","v9.10.2rc2","v9.9.7rc1","v9.10.2rc1","v9.10.2b1","v9.9.7b1","v9.9.6","v9.10.1","v9.9.6rc2","v9.10.1rc2","v9.9.6rc1","v9.10.1rc1","v9.9.6b2","v9.10.1b2","v9.9.6b1","v9.10.1b1","v9.10.0rc2","v9.10.0rc1","v9.10.0b2","v9.10.0b1","v9.10.0a2","v9.9.5","v9.9.5rc2","v9.9.5rc1","v9.9.5b1","v9.10.0a1","v9.9.4","v9.9.4rc2","v9.9.4b1","v9.9.3","v9.9.3rc2","v9.9.3rc1","v9.9.3b2","v9.9.3b1","v9.9.2rc1","v9.9.2b1","v9.9.1","v9.9.0","v9.9.0rc4","v9.9.0rc3","v9.7.0a1","v9.5.0a6","v9.5.0a5","v9.5.0a4","v9.5.0a3","v9.5.0a2","v9.5.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2775.json"}},{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"2d6d4babba5b5d2237bd37c0e4c3c993b7efd255"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"2799933bc6790356d4b3eebdfe21dc0f87977f14"},{"introduced":"0"},{"last_affected":"b7843f9794be456c53d7dc0b51ead89f2c5d3351"},{"last_affected":"9833cd85a811d3a4313948f324d3906937633e65"},{"last_affected":"d6d860e96ed5b20c1a77d5d19a29194174a1e5a0"},{"last_affected":"dc7668b4498add94cb471f1877fe95a842de39ce"},{"last_affected":"a5e4938f2d3c9d89b3fda65bc2fe6755ecfeea72"},{"last_affected":"632f9848811641da54fbb78c38e91a263b03d85a"},{"last_affected":"1477c19dd9a347ee19a42dac227f299a4680506f"}],"database_specific":{"source":["CPE_RANGE","CPE_STRING"],"extracted_events":[{"introduced":"9.0"},{"last_affected":"9.9.8"},{"introduced":"9.10.0"},{"last_affected":"9.10.3"},{"introduced":"0"},{"last_affected":"9.9.9-NA"},{"last_affected":"9.9.9-b1"},{"last_affected":"9.9.9-b2"},{"last_affected":"9.9.9-p1"},{"last_affected":"9.9.9-rc1"},{"last_affected":"9.9.9-s1"},{"last_affected":"9.10.4-NA"},{"last_affected":"9.10.4-p1"},{"last_affected":"9.11.0-NA"}],"cpe":["cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:b1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:b2:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:rc1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*","cpe:2.3:a:isc:bind:9.11.0:-:*:*:*:*:*:*"]}}],"versions":["v9.11.0","v9.11.0rc3","v9.11.0rc2","v9.11.0rc1","v9.11.0b3","v9.11.0b2","v9.11.0b1","v9.11.0a3","v9.11.0a2","v9.9.9","v9.10.4","v9.9.9rc1","v9.10.4rc1","v9.9.9b2","v9.10.4b3","v9.11.0a1","v9.10.4b2","v9.9.9b1","v9.10.4b1","v9.9.8","v9.10.3","v9.9.8rc1","v9.10.3rc1","v9.9.8b1","v9.10.3b1","v9.9.7","v9.10.2","v9.9.7rc2","v9.10.2rc2","v9.9.7rc1","v9.10.2rc1","v9.10.2b1","v9.9.7b1","v9.9.6","v9.10.1","v9.9.6rc2","v9.10.1rc2","v9.9.6rc1","v9.10.1rc1","v9.9.6b2","v9.10.1b2","v9.9.6b1","v9.10.1b1","v9.10.0rc2","v9.10.0rc1","v9.10.0b2","v9.10.0b1","v9.10.0a2","v9.9.5","v9.9.5rc2","v9.9.5rc1","v9.9.5b1","v9.10.0a1","v9.9.4","v9.9.4rc2","v9.9.4b1","v9.9.3","v9.9.3rc2","v9.9.3rc1","v9.9.3b2","v9.9.3b1","v9.9.2rc1","v9.9.2b1","v9.9.1","v9.9.0","v9.9.0rc4","v9.9.0rc3","v9.7.0a1","v9.5.0a6","v9.5.0a5","v9.5.0a4","v9.5.0a3","v9.5.0a2","v9.5.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}