{"id":"CVE-2016-6170","details":"ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.","modified":"2026-03-20T11:12:39.584579Z","published":"2016-07-06T14:59:05.597Z","related":["SUSE-SU-2017:0998-1","SUSE-SU-2017:0999-1","SUSE-SU-2017:1000-1"],"references":[{"type":"ADVISORY","url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/06/3"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91611"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036241"},{"type":"ADVISORY","url":"https://kb.isc.org/article/AA-01390/169/CVE-2016-6170"},{"type":"ADVISORY","url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html"},{"type":"ADVISORY","url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201610-07"},{"type":"ADVISORY","url":"https://kb.isc.org/article/AA-01390"},{"type":"FIX","url":"https://github.com/sischkg/xfer-limit/blob/master/README.md"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353563"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/isc-projects/bind9","events":[{"introduced":"0"},{"last_affected":"6d06e7e7e585e30b419e4e20815cb8233c48f7b1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.0"}]}},{"type":"GIT","repo":"https://gitlab.isc.org/isc-projects/bind9","events":[{"introduced":"19d6c56085e97cf4ac559cdc27edd624127bcb32"},{"last_affected":"2d6d4babba5b5d2237bd37c0e4c3c993b7efd255"},{"introduced":"63fbb3ea39094353765c04a6066b9e1d1013992a"},{"last_affected":"2799933bc6790356d4b3eebdfe21dc0f87977f14"},{"introduced":"0"},{"last_affected":"b7843f9794be456c53d7dc0b51ead89f2c5d3351"},{"introduced":"0"},{"last_affected":"9833cd85a811d3a4313948f324d3906937633e65"},{"introduced":"0"},{"last_affected":"a5e4938f2d3c9d89b3fda65bc2fe6755ecfeea72"},{"introduced":"0"},{"last_affected":"632f9848811641da54fbb78c38e91a263b03d85a"},{"introduced":"0"},{"last_affected":"dca6957b62013f523e54084c92152f571d08f6c0"},{"introduced":"0"},{"last_affected":"111ec860a840d09dbd0551044e5fdc37d546c6b6"},{"introduced":"0"},{"last_affected":"a23f742c3d767f41bfb1a143b0605a766936c4d9"},{"introduced":"0"},{"last_affected":"dca6957b62013f523e54084c92152f571d08f6c0"}],"database_specific":{"versions":[{"introduced":"9.0"},{"last_affected":"9.9.8"},{"introduced":"9.10.0"},{"last_affected":"9.10.3"},{"introduced":"0"},{"last_affected":"9.9.9-NA"},{"introduced":"0"},{"last_affected":"9.9.9-p1"},{"introduced":"0"},{"last_affected":"9.10.4-NA"},{"introduced":"0"},{"last_affected":"9.10.4-p1"},{"introduced":"0"},{"last_affected":"9.11.0-a1"},{"introduced":"0"},{"last_affected":"9.11.0-a2"},{"introduced":"0"},{"last_affected":"9.11.0-a3"},{"introduced":"0"},{"last_affected":"9.11.0-b1"}]}}],"versions":["ondrej/008bfb6249a5f81d9e02ad4d39fda63fab57a0ad","ondrej/00ce93a69cd809810b82dbb229abf59d8e5850cc","ondrej/1a1413ff5910ace7919bb8db0a1bb1f6e9c9ff7d","ondrej/4d292fc37ff5e99462756352c6028af7d0becf74","ondrej/6d06e7e7e585e30b419e4e20815cb8233c48f7b1","ondrej/6d1fdb850516a8d1fbfa853c56a1ef7627d54a72","ondrej/761b47a64845cb647d4fa3362be538eb0e7174d9","ondrej/840e56a979c3719ded668d5aaa04b1bddce465ef","ondrej/a42afbce2e34a5f990517fee7eab013c4adb8c0a","ondrej/a5f554959ec531712f6e14a8cb8c90d87cc27932","ondrej/b177581bb230d89821d1e2e5e91f93bee3fc4192","ondrej/be1e6499742e241d71c7e79434e278a0c89d141b","ondrej/c63b7fad498dbe56710b655bd296a58abba64bb8","ondrej/d7e5f7903de06e504aac4a3822a41d69e159e370","ondrej/fb07c38697c9f4f76dcb921487c4f96813c99b69","v9.10.0a1","v9.10.0a2","v9.10.0b1","v9.10.0b2","v9.10.0rc1","v9.11.0a1","v9.11.0a2","v9.11.0a3","v9.12.0a1","v9.12.0b1","v9.12.0b2","v9.12.0rc1","v9.13.0","v9.13.2","v9.13.3","v9.13.4","v9.13.5","v9.13.6","v9.15.0","v9.15.2","v9.15.3","v9.15.4","v9.15.5","v9.15.6","v9.15.7","v9.15.8","v9.17.4","v9.19.0","v9.19.1","v9.19.10","v9.19.11","v9.19.12","v9.19.13","v9.19.14","v9.19.15","v9.19.16","v9.19.17","v9.19.18","v9.19.19","v9.19.2","v9.19.21","v9.19.22","v9.19.23","v9.19.24","v9.19.3","v9.19.4","v9.19.5","v9.19.6","v9.19.7","v9.19.8","v9.19.9","v9.20.0","v9.5.0a1","v9.5.0a2","v9.5.0a3","v9.5.0a4","v9.5.0a5","v9.5.0a6","v9.7.0a1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.9.9-beta1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.9.9-beta2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6170.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}