Weekly Vulnerabilities Reports > February 1 to 7, 2016

Overview

63 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 20 high severity vulnerabilities. This weekly summary reports vulnerabilities in 65 products from 23 vendors including Apple, Google, Cisco, Jenkins, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Information Exposure", and "Improper Input Validation".

  • 46 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 52 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 17 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-07 CVE-2016-0804 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.

10.0
2016-02-07 CVE-2016-0803 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.

10.0
2016-02-06 CVE-2015-7915 Sauter Information Exposure vulnerability in Sauter Moduweb Vision 1.5.5

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

10.0
2016-02-03 CVE-2016-1906 Kubernetes Permissions, Privileges, and Access Controls vulnerability in Kubernetes

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.

9.8
2016-02-03 CVE-2015-5344 Apache Data Processing Errors vulnerability in Apache Camel

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

9.8
2016-02-06 CVE-2015-7914 Sauter 7PK - Security Features vulnerability in Sauter Moduweb Vision 1.5.5

Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password.

9.3
2016-02-01 CVE-2016-1727 Apple, Webkitgtk Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.

9.3
2016-02-01 CVE-2016-1726 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Watchos

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.

9.3
2016-02-01 CVE-2016-1725 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Watchos

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.

9.3
2016-02-01 CVE-2016-1723 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Watchos

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.

9.3
2016-02-07 CVE-2016-1302 Cisco Improper Access Control vulnerability in Cisco products

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

9.0
2016-02-05 CVE-2016-0861 GE Command Injection vulnerability in GE UPS Snmp web Adapter Firmware

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.

9.0

20 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-07 CVE-2016-1301 Cisco Improper Access Control vulnerability in Cisco products

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.

8.5
2016-02-07 CVE-2016-0809 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1

Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.

8.3
2016-02-07 CVE-2016-0802 Google, Apple Improper Input Validation vulnerability in multiple products

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.

8.3
2016-02-07 CVE-2016-0801 Apple, Google Improper Input Validation vulnerability in multiple products

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

8.3
2016-02-07 CVE-2015-6398 Cisco Resource Management Errors vulnerability in Cisco Nx-Os 11.0(1B)

Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.

7.8
2016-02-07 CVE-2016-0811 Google Information Exposure vulnerability in Google Android 6.0/6.0.1

Integer overflow in the BnCrypto::onTransact function in media/libmedia/ICrypto.cpp in libmediaplayerservice in Android 6.x before 2016-02-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an improper size calculation, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25800375.

7.8
2016-02-03 CVE-2016-1905 Kubernetes Improper Access Control vulnerability in Kubernetes

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.

7.7
2016-02-03 CVE-2015-7539 Jenkins, Redhat Insufficient Verification of Data Authenticity vulnerability in Jenkins

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted plugin.

7.6
2016-02-03 CVE-2016-1505 Radicale, Microsoft Pathname Traversal and Equivalence Errors vulnerability in Radicale 1.0/1.0.1

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

7.5
2016-02-03 CVE-2015-8747 Radicale Improper Input Validation vulnerability in Radicale 1.0/1.0.1

The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name.

7.5
2016-02-01 CVE-2016-1729 Apple Unspecified vulnerability in Apple mac OS X

Untrusted search path vulnerability in OSA Scripts in Apple OS X before 10.11.3 allows attackers to load arbitrary script libraries via a quarantined application.

7.5
2016-02-07 CVE-2016-0807 Google Permissions, Privileges, and Access Controls vulnerability in Google Android 6.0/6.0.1

The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.

7.2
2016-02-07 CVE-2016-0806 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.

7.2
2016-02-07 CVE-2016-0805 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.

7.2
2016-02-01 CVE-2016-1722 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-02-01 CVE-2016-1721 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-02-01 CVE-2016-1720 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-02-01 CVE-2016-1719 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-02-01 CVE-2016-1717 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-02-01 CVE-2016-1716 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2

28 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-07 CVE-2016-0810 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119.

6.9
2016-02-01 CVE-2016-1718 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

6.9
2016-02-03 CVE-2015-7538 Jenkins, Redhat Security Bypass vulnerability in Jenkins

Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mechanism via unspecified vectors.

6.8
2016-02-03 CVE-2015-7537 Redhat, Jenkins Cross-Site Request Forgery (CSRF) vulnerability in multiple products

Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote attackers to hijack the authentication of administrators for requests that have unspecified impact via vectors related to the HTTP GET method.

6.8
2016-02-01 CVE-2016-2199 Mcafee Cross-Site Request Forgery (CSRF) vulnerability in Mcafee vulnerability Manager 7.0.11/7.5.4/7.5.5

Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations and Remediation management page in Enterprise Manager in McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote attackers to hijack the authentication of administrators for requests that have unspecified impact via unknown vectors.

6.8
2016-02-01 CVE-2016-2049 Janrain Improper Access Control vulnerability in Janrain PHP-Openid

examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted HTTP Host header.

6.8
2016-02-01 CVE-2016-1724 Apple, Webkitgtk Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.

6.8
2016-02-07 CVE-2016-0813 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.

6.6
2016-02-07 CVE-2016-0812 Google Permissions, Privileges, and Access Controls vulnerability in Google Android

The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538.

6.6
2016-02-07 CVE-2016-1308 Cisco SQL Injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9)

SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

6.5
2016-02-04 CVE-2015-8269 Fisher Price Improper Authentication vulnerability in Fisher-Price Smart TOY Bear

The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number.

6.5
2016-02-03 CVE-2016-2213 Ffmpeg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ffmpeg

The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

6.5
2016-02-03 CVE-2015-7546 Openstack, Oracle Insufficiently Protected Credentials vulnerability in multiple products

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

6.0
2016-02-01 CVE-2016-1730 Apple Information Exposure vulnerability in Apple Iphone OS

WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.

5.8
2016-02-07 CVE-2016-1307 Cisco Credentials Management vulnerability in Cisco Finesse and Unified Contact Center Express

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.

5.5
2016-02-03 CVE-2015-8748 Radicale Permissions, Privileges, and Access Controls vulnerability in Radicale 1.0/1.0.1

Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".

5.0
2016-02-01 CVE-2015-8265 Huawei Improper Input Validation vulnerability in Huawei E5151 Firmware and E5186 Firmware

Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.

5.0
2016-02-07 CVE-2016-0808 Google Data Processing Errors vulnerability in Google Android

Integer overflow in the getCoverageFormat12 function in CmapCoverage.cpp in the Minikin library in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 allows attackers to cause a denial of service (continuous rebooting) via an application that triggers loading of a crafted TTF font, aka internal bug 25645298.

4.9
2016-02-07 CVE-2016-1309 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings Server 2.5.1.5

Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.

4.3
2016-02-07 CVE-2016-1305 Cisco Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.1Base

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511.

4.3
2016-02-06 CVE-2016-1311 Cisco Cross-site Scripting vulnerability in Cisco Jabber Guest 10.6.8

Cross-site scripting (XSS) vulnerability in the management interface in Cisco Jabber Guest Server 10.6(8) allows remote attackers to inject arbitrary web script or HTML via the host tag parameter, aka Bug ID CSCuy08224.

4.3
2016-02-06 CVE-2016-1310 Cisco Cross-site Scripting vulnerability in Cisco Unity Connection 11.5(0.199)

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.

4.3
2016-02-06 CVE-2016-1306 Cisco Cross-site Scripting vulnerability in Cisco FOG Director 1.0(0)

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.

4.3
2016-02-01 CVE-2015-8783 Libtiff, Debian Out-of-bounds Read vulnerability in multiple products

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image.

4.3
2016-02-01 CVE-2015-8782 Debian, Libtiff Out-of-bounds Write vulnerability in multiple products

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781.

4.3
2016-02-01 CVE-2015-8781 Debian, Libtiff Out-of-bounds Write vulnerability in multiple products

tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE-2015-8782.

4.3
2016-02-01 CVE-2016-1728 Apple Information Exposure vulnerability in Apple Iphone OS and Safari

The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.

4.3
2016-02-05 CVE-2016-0862 GE Information Exposure vulnerability in GE Snmp/Web Adapter Firmware 4.7

General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.

4.0

3 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-06 CVE-2015-7916 Sauter, Sauter Controls Cross-site Scripting vulnerability in Sauter-Controls Moduweb Vision 1.5

Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

3.5
2016-02-03 CVE-2015-7536 Jenkins Cross-site Scripting vulnerability in Jenkins

Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to workspaces and archived artifacts.

3.5
2016-02-04 CVE-2016-1284 ISC Improper Input Validation vulnerability in ISC Bind 9.9.8

rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.

2.6