← back
CVE-2016-2776

CVE-2016-2776

EPSS 89.5%◆ VulnCheck KEV
Vexday Risk Score
84Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Popular PoC on GitHub (27 stars) — exploitation code widely available.
CVSS EPSS 89.5%KEV nãoPoC públicaNuclei Metasploit simPatch referenciado
Lifecycle
27 Sep 2016Metasploit module available
28 Sep 2016Published on NVD
28 Sep 2016Public PoC
Weaponization speed
same dayto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.