System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.86964	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
epss	0.88392	https://api.first.org/data/v1/epss?cve=CVE-2016-2776
cvssv2	7.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux	High	https://security.archlinux.org/AVG-36

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json
		https://api.first.org/data/v1/epss?cve=CVE-2016-2776
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1378380		https://bugzilla.redhat.com/show_bug.cgi?id=1378380
839010		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010
ASA-201609-29		https://security.archlinux.org/ASA-201609-29
AVG-36		https://security.archlinux.org/AVG-36
CVE-2016-2776	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py
GLSA-201610-07		https://security.gentoo.org/glsa/201610-07
RHSA-2016:1944		https://access.redhat.com/errata/RHSA-2016:1944
RHSA-2016:1945		https://access.redhat.com/errata/RHSA-2016:1945
RHSA-2016:2099		https://access.redhat.com/errata/RHSA-2016:2099
USN-3088-1		https://usn.ubuntu.com/3088-1/

Data source	Metasploit
Description	A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address isn't allowed to make queries.
Note	Stability: - crash-service-down SideEffects: [] Reliability: []
Ransomware campaign use	Unknown
Source publication date	Sept. 27, 2016
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/dos/dns/bind_tsig.rb

Data source	Exploit-DB
Date added	Oct. 4, 2016
Description	ISC BIND 9 - Denial of Service
Ransomware campaign use	Unknown
Source publication date	Oct. 4, 2016
Exploit type	dos
Platform	multiple
Source update date	Oct. 5, 2016

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Percentile	0.99428
EPSS Score	0.86964
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:58:38.829902+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201610-07	38.0.0