A vulnerability was found in the ISC BIND software released before May 2013 and in third-party versions that do not include fix number 3548. A remote attacker could send a specially crafted query to trigger an assertion failure which could cause the BIND to exit.
Both authoritative and recursive name servers are vulnerable to this problem.
Successful exploitation could lead to a denial of service (DoS) condition on an affected system.
Internet Systems Consortium (ISC) has released the following patches to solve the problems:
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://kb.isc.org/article/AA-01433
https://www.us-cert.gov/ncas/current-activity/2016/10/20/ISC-Releases-Security-Advisory
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2848