Vulnerability Details : CVE-2015-5722
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
Vulnerability category: Input validationDenial of service
Threat overview for CVE-2015-5722
Top countries where our scanners detected CVE-2015-5722
Top open port discovered on systems with this issue
53
IPs affected by CVE-2015-5722 122,621
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-5722!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-5722
Probability of exploitation activity in the next 30 days: 96.60%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-5722
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2015-5722
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5722
-
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00033.html
[security-announce] SUSE-SU-2016:0227-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00012.html
[security-announce] SUSE-SU-2015:1496-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00005.html
[security-announce] SUSE-SU-2015:1480-1: important: Security update for
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165750.html
[SECURITY] Fedora 23 Update: dnsperf-2.0.0.0-18.fc23
-
https://kb.isc.org/article/AA-01306
404 Page not found
-
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952480
HPSBHF03539 rev.1 - HPE VCX running OpenSSH or BIND, Remote Denial of Service (DoS)
-
http://rhn.redhat.com/errata/RHSA-2015-1705.html
RHSA-2015:1705 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1033452
BIND DNSSEC Key Parsing Error Lets Remote Users Cause the Target Service to Crash - SecurityTracker
-
https://kb.isc.org/article/AA-01307
404 Page not found
-
http://marc.info/?l=bugtraq&m=144294073801304&w=2
'[security bulletin] HPSBUX03511 SSRT102248 rev.1 - HP-UX BIND service running named, Remote Denial o' - MARC
-
http://rhn.redhat.com/errata/RHSA-2016-0078.html
RHSA-2016:0078 - Security Advisory - Red Hat Customer Portal
-
https://security.netapp.com/advisory/ntap-20190730-0001/
September 2015 ISC BIND Vulnerabilities in NetApp Products | NetApp Product Security
-
https://kb.isc.org/article/AA-01438
404 Page not found
-
https://security.gentoo.org/glsa/201510-01
BIND: Denial of Service (GLSA 201510-01) — Gentoo security
-
https://kb.isc.org/article/AA-01287
CVE-2015-5722: Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c - Affecting Only Obsolete BranchesVendor Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05095918
HPSBNS03585 rev.1 - HPE NonStop BIND, Remote Denial of Service (DoS)
-
http://rhn.redhat.com/errata/RHSA-2016-0079.html
RHSA-2016:0079 - Security Advisory - Red Hat Customer Portal
-
http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html
Apple - Lists.apple.com
-
http://rhn.redhat.com/errata/RHSA-2015-1706.html
RHSA-2015:1706 - Security Advisory - Red Hat Customer Portal
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165996.html
[SECURITY] Fedora 22 Update: bind-9.10.2-5.P4.fc22
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00006.html
[security-announce] SUSE-SU-2015:1481-1: important: Security update for
-
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00020.html
[security-announce] openSUSE-SU-2015:1597-1: important: Security update
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165810.html
[SECURITY] Fedora 23 Update: bind99-9.9.7-7.P3.fc23
-
http://www.securityfocus.com/bid/76605
ISC BIND 'buffer.c' Remote Denial of Service Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168686.html
[SECURITY] Fedora 21 Update: bind-9.9.6-11.P1.fc21
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Oracle Solaris Third Party Bulletin - July 2015
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167465.html
[SECURITY] Fedora 22 Update: bind99-9.9.7-7.P3.fc22
-
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00002.html
[security-announce] openSUSE-SU-2015:1667-1: important: Security update
-
http://www.debian.org/security/2015/dsa-3350
Debian -- Security Information -- DSA-3350-1 bind9
-
https://kb.isc.org/article/AA-01305
404 Page not found
-
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923105
HPSBUX03529 SSRT102967 rev.1 - HP-UX BIND service running named, Remote Denial of Service (DoS)
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016
-
https://support.apple.com/HT205376
About the security content of OS X Server 5.0.15 - Apple Support
-
http://www.ubuntu.com/usn/USN-2728-1
USN-2728-1: Bind vulnerability | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2015-1707.html
RHSA-2015:1707 - Security Advisory - Red Hat Customer Portal
-
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04891218
HPSBUX03522 SSRT102942 rev.2 - HP-UX BIND running named, Remote Denial of Service (DoS)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10134
Products affected by CVE-2015-5722
- cpe:2.3:o:apple:mac_os_x_server:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:p3:*:*:*:*:*:*
- cpe:2.3:a:isc:bind:*:p2:*:*:*:*:*:*