### [CVE-2015-5722](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5722)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

### POC

#### Reference
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- https://kb.isc.org/article/AA-01306
- https://kc.mcafee.com/corporate/index?page=content&id=SB10134

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/Maribel0370/Nebula-io
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/mrash/afl-cve
- https://github.com/pedr0alencar/vlab-metasploitable2