What is CVE-2015-5986?

CVE-2015-5986 is a vulnerability in Apple Mac_os_x_server, classified under Improper Input Validation. Published 2015-09-05.

Is CVE-2015-5986 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apple Mac_os_x_server

CVE-2015-5986

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.480 (97.8th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x_server — versions 5.0.15
Isc Bind
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

APPLE-SA-2015-10-21-8 (vendor-advisory, x_refsource_APPLE)
cve@mitre.org (x_refsource_CONFIRM)
FEDORA-2015-14954 (x_refsource_FEDORA, vendor-advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
GLSA-201510-01 (vendor-advisory, x_refsource_GENTOO)
1033453 (vdb-entry, x_refsource_SECTRACK)
76618 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2015-5986?: CVE-2015-5986 is a vulnerability in Apple Mac_os_x_server, classified under Improper Input Validation. Published 2015-09-05.
Is CVE-2015-5986 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.