VIR Vulnerability Intelligence Relay

CVE-2016-6170

medium
Published 2016-07-06 · Modified 2026-05-06
CVSS v3
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v2
4.0
VIR risk
6.5

Description

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

Predictions

Exploit likelihood
75%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-6170

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-6170.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://kb.isc.org/article/AA-01390/169/CVE-2016-6170

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://kb.isc.org/article/AA-01390

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/sischkg/xfer-limit/blob/master/README.md

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1353563

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1:9.10.6+dfsg-1
debian debianbullseyefixed1:9.10.6+dfsg-1
debian debianforkyfixed1:9.10.6+dfsg-1
debian debiansidfixed1:9.10.6+dfsg-1
debian debiantrixiefixed1:9.10.6+dfsg-1
suse slesaffected
redhat rhel5.0affected
redhat rhel6.0affected
redhat rhel7.0affected

Application impact
VendorProductVersionsFixed
iscbind{"startIncluding":"9.0","endIncluding":"9.9.8"}
iscbind9.9.9
iscbind9.10.4
iscbind9.11.0

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.