Medium severity6.5NVD Advisory· Published Jul 6, 2016· Updated Jun 17, 2026
CVE-2016-6170
CVE-2016-6170
Description
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
35cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*range: >=9.0,<=9.9.8
- cpe:2.3:a:isc:bind:9.10.4:-:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:a1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:a2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:a3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.11.0:b1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:-:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:beta1:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:beta2:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*
- (no CPE)range: <=9.9.9-P1, <=9.10.4-P1, <=9.11.0b1
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- osv-coords20 versionspkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/bind&distro=SUSE%20Manager%202.1pkg:rpm/suse/bind&distro=SUSE%20Manager%20Proxy%202.1pkg:rpm/suse/bind&distro=SUSE%20OpenStack%20Cloud%205
< 9.9.9P1-59.1+ 19 more
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-28.34.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-28.34.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.9P1-59.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
- (no CPE)range: < 9.9.6P1-0.44.1
Patches
Vulnerability mechanics
References
11- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
- github.com/sischkg/xfer-limit/blob/master/README.mdnvdExploitPatchThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/06/3nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/91611nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036241nvdThird Party AdvisoryVDB Entry
- kb.isc.org/article/AA-01390nvdVendor Advisory
- kb.isc.org/article/AA-01390/169/CVE-2016-6170nvdVendor Advisory
- lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.htmlnvdMailing ListThird Party Advisory
- lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.htmlnvdMailing ListThird Party Advisory
- lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201610-07nvdThird Party Advisory
News mentions
0No linked articles in our index yet.