CVEs-PoC/2016/CVE-2016-2776.md

### [CVE-2016-2776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

### POC

#### Reference
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- https://www.exploit-db.com/exploits/40453/

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/GhostTroops/TOP
- https://github.com/KosukeShimofuji/CVE-2016-2776
- https://github.com/Maribel0370/Nebula-io
- https://github.com/hack0ps/exploits
- https://github.com/infobyte/CVE-2016-2776
- https://github.com/lekctut/sdb-hw-13-01
- https://github.com/lmarqueta/exploits
- https://github.com/pedr0alencar/vlab-metasploitable2
- https://github.com/vikanet/pro-ukraine