{"id":"CVE-2016-2776","details":"buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.","modified":"2026-03-20T11:09:10.017800Z","published":"2016-09-28T10:59:00.157Z","related":["MGASA-2016-0332","SUSE-SU-2016:2399-1","SUSE-SU-2016:2401-1","SUSE-SU-2016:2405-1","openSUSE-SU-2024:10467-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/93188"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01438"},{"type":"WEB","url":"http://www.securitytracker.com/id/1036903"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01436"},{"type":"WEB","url":"https://kb.isc.org/article/AA-01435"},{"type":"WEB","url":"https://www.exploit-db.com/exploits/40453/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-07"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1944.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html"},{"type":"ADVISORY","url":"https://kb.isc.org/article/AA-01419/0"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20160930-0001/"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-2099.html"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107"},{"type":"ADVISORY","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2016-1945.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"b7843f9794be456c53d7dc0b51ead89f2c5d3351"},{"introduced":"0"},{"last_affected":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"introduced":"0"},{"last_affected":"ed70f92dd054be3f0bb3939ea7f0749afaaca94a"},{"introduced":"0"},{"last_affected":"8058292627cf5827941471ebda7ab9765a5a3ded"},{"introduced":"0"},{"last_affected":"ed70f92dd054be3f0bb3939ea7f0749afaaca94a"},{"introduced":"0"},{"last_affected":"8058292627cf5827941471ebda7ab9765a5a3ded"},{"introduced":"0"},{"last_affected":"ed70f92dd054be3f0bb3939ea7f0749afaaca94a"},{"introduced":"0"},{"last_affected":"8058292627cf5827941471ebda7ab9765a5a3ded"},{"introduced":"0"},{"last_affected":"f5df4974b7b5081c4778d5796127b4d6584e834e"},{"introduced":"0"},{"last_affected":"a326778a0a471e3c36a9ed400ffba42a79c9a451"},{"introduced":"0"},{"last_affected":"fe66c6b1529a744c3f863119d5ddedb436275c2f"},{"introduced":"0"},{"last_affected":"cc152ad50f8255cd7b830026123d86040a1167e2"},{"introduced":"0"},{"last_affected":"bf3ebcb44cf23cfd73ce9947d03a075e86c09c56"},{"introduced":"0"},{"last_affected":"cc152ad50f8255cd7b830026123d86040a1167e2"},{"introduced":"0"},{"last_affected":"bf3ebcb44cf23cfd73ce9947d03a075e86c09c56"},{"introduced":"0"},{"last_affected":"9c1a043383b6cd804d0b4f56aacce345248ec024"},{"introduced":"0"},{"last_affected":"90f5dc6f4505141f9e94d3bc704da0dd24612219"},{"introduced":"0"},{"last_affected":"fb3b6818adaa628147ea308b62070c97483caf65"},{"introduced":"0"},{"last_affected":"fb3b6818adaa628147ea308b62070c97483caf65"},{"introduced":"0"},{"last_affected":"638a11d49e0a9763c1eda26795cab37de40c2788"},{"introduced":"0"},{"last_affected":"e5e8feeccdf11b17b478d43e9203fb7896edf347"},{"introduced":"0"},{"last_affected":"2754d37321d2b3c3506c2d70cbb276a6b1ed991b"},{"introduced":"0"},{"last_affected":"d0c7c4694d6bbf3ad452e6506897d13f0b25f7fa"},{"introduced":"0"},{"last_affected":"551bea57432caa68828c5c80722f790e6a658f7c"},{"introduced":"0"},{"last_affected":"2799933bc6790356d4b3eebdfe21dc0f87977f14"},{"introduced":"0"},{"last_affected":"b3e2361dba162951931821a1a01b02078c491603"},{"introduced":"0"},{"last_affected":"b3e2361dba162951931821a1a01b02078c491603"},{"introduced":"0"},{"last_affected":"f9be8b2189e49a354210237e55054b9399f03c96"},{"introduced":"0"},{"last_affected":"bdaecad72d6e5e49998139da55c48e0125806758"},{"introduced":"0"},{"last_affected":"ebd72b3f6a18917ce500495b3424781a8da59f14"},{"introduced":"0"},{"last_affected":"29904d05643601b44cd88110197411afb0a03230"},{"introduced":"0"},{"last_affected":"d36f894b881427035c9163b939cb64c75e6fdd7a"},{"introduced":"0"},{"last_affected":"2f98c1c2a0b92c83cd9a9e6d53363537f4819c40"},{"introduced":"0"},{"last_affected":"dca6957b62013f523e54084c92152f571d08f6c0"},{"introduced":"0"},{"last_affected":"111ec860a840d09dbd0551044e5fdc37d546c6b6"},{"introduced":"0"},{"last_affected":"a23f742c3d767f41bfb1a143b0605a766936c4d9"},{"introduced":"0"},{"last_affected":"dca6957b62013f523e54084c92152f571d08f6c0"},{"introduced":"0"},{"last_affected":"111ec860a840d09dbd0551044e5fdc37d546c6b6"},{"introduced":"0"},{"last_affected":"a23f742c3d767f41bfb1a143b0605a766936c4d9"},{"introduced":"0"},{"last_affected":"e0815f81205101e6fce3aa87dead307ea9624df3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.9.9"},{"introduced":"0"},{"last_affected":"9.10.0"},{"introduced":"0"},{"last_affected":"9.10.0-a1"},{"introduced":"0"},{"last_affected":"9.10.0-a2"},{"introduced":"0"},{"last_affected":"9.10.0-b1"},{"introduced":"0"},{"last_affected":"9.10.0-b2"},{"introduced":"0"},{"last_affected":"9.10.0-p1"},{"introduced":"0"},{"last_affected":"9.10.0-p2"},{"introduced":"0"},{"last_affected":"9.10.0-rc1"},{"introduced":"0"},{"last_affected":"9.10.0-rc2"},{"introduced":"0"},{"last_affected":"9.10.1"},{"introduced":"0"},{"last_affected":"9.10.1-b1"},{"introduced":"0"},{"last_affected":"9.10.1-b2"},{"introduced":"0"},{"last_affected":"9.10.1-p1"},{"introduced":"0"},{"last_affected":"9.10.1-p2"},{"introduced":"0"},{"last_affected":"9.10.1-rc1"},{"introduced":"0"},{"last_affected":"9.10.1-rc2"},{"introduced":"0"},{"last_affected":"9.10.2-b1"},{"introduced":"0"},{"last_affected":"9.10.2-p1"},{"introduced":"0"},{"last_affected":"9.10.2-p2"},{"introduced":"0"},{"last_affected":"9.10.2-p3"},{"introduced":"0"},{"last_affected":"9.10.2-p4"},{"introduced":"0"},{"last_affected":"9.10.2-rc1"},{"introduced":"0"},{"last_affected":"9.10.2-rc2"},{"introduced":"0"},{"last_affected":"9.10.3"},{"introduced":"0"},{"last_affected":"9.10.3-b1"},{"introduced":"0"},{"last_affected":"9.10.3-p1"},{"introduced":"0"},{"last_affected":"9.10.3-p2"},{"introduced":"0"},{"last_affected":"9.10.3-p3"},{"introduced":"0"},{"last_affected":"9.10.3-p4"},{"introduced":"0"},{"last_affected":"9.10.3-rc1"},{"introduced":"0"},{"last_affected":"9.10.4-p2"},{"introduced":"0"},{"last_affected":"9.10.4-p3"},{"introduced":"0"},{"last_affected":"9.11.0-a1"},{"introduced":"0"},{"last_affected":"9.11.0-a2"},{"introduced":"0"},{"last_affected":"9.11.0-a3"},{"introduced":"0"},{"last_affected":"9.11.0-b1"},{"introduced":"0"},{"last_affected":"9.11.0-b2"},{"introduced":"0"},{"last_affected":"9.11.0-b3"},{"introduced":"0"},{"last_affected":"9.11.0-rc1"}]}}],"versions":["v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2776.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6"}]},{"events":[{"introduced":"0"},{"last_affected":"7"}]},{"events":[{"introduced":"0"},{"last_affected":"3.2"}]},{"events":[{"introduced":"0"},{"last_affected":"3.3"}]},{"events":[{"introduced":"0"},{"last_affected":"3.4"}]},{"events":[{"introduced":"0"},{"last_affected":"11.31"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.3"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}