{"id":"CVE-2016-6173","details":"NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.","modified":"2026-04-10T03:52:33.200743Z","published":"2017-02-09T15:59:01.237Z","related":["openSUSE-SU-2024:11100-1"],"references":[{"type":"ADVISORY","url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"},{"type":"ADVISORY","url":"https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"},{"type":"ADVISORY","url":"http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/06/3"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/06/4"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91678"},{"type":"ADVISORY","url":"https://github.com/sischkg/xfer-limit/blob/master/README.md"},{"type":"REPORT","url":"https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/nsd","events":[{"introduced":"0"},{"last_affected":"adf87e6c549b78cb72143ead385615311951a315"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.1.10"}]}}],"versions":["ALPHA","ALPHA2","ANSWERS","NAMED8_STATS","NSD_1_0_1_BETA5","NSD_1_0_1_BP","NSD_1_0_2_REL","NSD_1_0_2_merge_into_1_1_0","NSD_1_0_3_REL","NSD_1_0_3_last_merge","NSD_1_0_BP","NSD_1_1_0B2_REL","NSD_1_1_0_BP","NSD_1_1_0_REL","NSD_1_1_1","NSD_1_1_1_BP","NSD_1_2_0_REL","NSD_1_2_1_REL","NSD_1_2_2_REL","NSD_1_2_3_REL","NSD_1_2_4_REL","NSD_1_2_BP","NSD_1_2_end_of_merge","NSD_1_2_last_merge","NSD_1_3_0_ALPHA_1_REL","NSD_1_3_BP","NSD_1_4_0_ALPHA_1_REL","NSD_2_0_0_REL","NSD_2_0_0_WS_REL","NSD_2_0_1_REL","NSD_2_0_2_REL","NSD_2_0_BP","NSD_2_0_end_of_merge","NSD_2_0_last_merge","NSD_2_1_0_REL","NSD_2_1_1_REL","NSD_2_1_2_REL","NSD_2_1_3_REL","NSD_2_1_4_REL","NSD_2_1_5_REL","NSD_2_1_BP","NSD_2_1_end_of_merge","NSD_2_1_last_merge","NSD_2_2_0_REL","NSD_2_2_1_REL","NSD_2_2_BP2","NSD_2_2_end_of_merge","NSD_2_2_last_merge","NSD_2_3_0_REL","NSD_3_0_1_REL","NSD_3_0_2_REL","NSD_3_0_4_REL","NSD_3_2_1_REL","NSD_3_2_2_REL","NSD_3_2_4_REL","NSD_3_2_6_REL","NSD_3_2_7_REL","NSD_3_XML_SOCK_DB","NSD_3_signalsocket_solution","NSD_4_0_0_BETA1","NSD_4_0_0_BETA2","NSD_4_0_0_BETA3","NSD_4_0_0_BETA4","NSD_4_0_0_RC2","NSD_4_0_0_RC3","NSD_4_0_0_REL","NSD_4_0_0_imp_1","NSD_4_0_0_imp_2","NSD_4_0_0_imp_3","NSD_4_0_0_imp_4","NSD_4_0_0_imp_6","NSD_4_0_1_RC1","NSD_4_0_1_RC2","NSD_4_0_1_REL","NSD_4_0_2_REL","NSD_4_0_3_REL","NSD_4_1_0_RC1","NSD_4_1_0_REL","NSD_4_1_10_RC1","NSD_4_1_10_RC2","NSD_4_1_10_REL","NSD_4_1_1_RC1","NSD_4_1_1_REL","NSD_4_1_2_RC1","NSD_4_1_2_RC2","NSD_4_1_2_REL","NSD_4_1_4_RC1","NSD_4_1_5_REL","NSD_4_1_6_RC1","NSD_4_1_6_RC2","NSD_4_1_6_REL","NSD_4_1_7_RC1","NSD_4_1_8_RC1","NSD_4_1_8_REL","PostScrewUp","before_optimization","new_zf_parser_start"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6173.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}