Debian Bind9 vulnerabilities

CVE-2022-2795 [MEDIUM] CVE-2022-2795: bind9 - By flooding the target resolver with queries exploiting this flaw an attacker ca... By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. Scope: local bookworm: resolved (fixed in 1:9.18.7-1) bullseye: resolved (fixed in 1:9.16.33-1~deb11u1) forky: resolved (fixed in 1:9.18.7-1) sid: resolved (fixed

CVE-2022-2881 [MEDIUM] CVE-2022-2881: bind9 - The underlying bug might cause read past end of the buffer and either read memor... The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Scope: local bookworm: resolved (fixed in 1:9.18.7-1) bullseye: open forky: resolved (fixed in 1:9.18.7-1) sid: resolved (fixed in 1:9.18.7-1) trixie: resolved (fixed in 1:9.18.7-1)

CVE-2022-3488 [HIGH] CVE-2022-3488: bind9 - Processing of repeated responses to the same query, where both responses contain... Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versi

CVE-2021-25216 [HIGH] CVE-2021-25216: bind9 - In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11... In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which

CVE-2021-25215 [HIGH] CVE-2021-25215: bind9 - In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.... In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due

CVE-2021-25219 [MEDIUM] CVE-2021-25219: bind9 - In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1... In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way

CVE-2021-25220 [MEDIUM] CVE-2021-25220: bind9 - BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview... BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records

CVE-2021-25214 [MEDIUM] CVE-2021-25214: bind9 - In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9... In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process wi

CVE-2021-25218 [HIGH] CVE-2021-25218: bind9 - In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edi... In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

CVE-2020-8616 [HIGH] CVE-2020-8616: bind9 - A malicious actor who intentionally exploits this lack of effective limitation o... A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing s

CVE-2020-8623 [HIGH] CVE-2020-8623: bind9 - In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10... In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zo

CVE-2020-8617 [HIGH] CVE-2020-8617: bind9 - Using a specially-crafted message, an attacker may potentially cause a BIND serv... Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulne

CVE-2020-8625 [HIGH] CVE-2020-8625: bind9 - BIND servers are vulnerable if they are running an affected version and are conf... BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credentialconfiguration options. Although the d

CVE-2020-8621 [HIGH] CVE-2020-8621: bind9 - In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both ... In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. Scope: local bookworm: resolved (fixed in 1:9.16.6-1) bullseye: resolved (fixed in 1:9.16

CVE-2020-8620 [HIGH] CVE-2020-8620: bind9 - In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP ... In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. Scope: local bookworm: resolved (fixed in 1:9.16.6-1) bullseye: resolved (fixed in 1:9.16.6-1) forky: resolved (fixed in 1:9.16.6-1) sid: resolved (fixed

CVE-2020-8622 [MEDIUM] CVE-2020-8622: bind9 - In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3... In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alt

CVE-2020-8619 [MEDIUM] CVE-2020-8619: bind9 - In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16... In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-

CVE-2020-8618 [MEDIUM] CVE-2020-8618: bind9 - An attacker who is permitted to send zone data to a server via zone transfer can... An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. Scope: local bookworm: resolved (fixed in 1:9.16.4-1) bullseye: resolved (fixed in 1:9.16.4-1) forky: resolved (fixed in 1:9.16.4-1) sid: resolved (fixed in 1:9.16.4-

CVE-2020-8624 [MEDIUM] CVE-2020-8624: bind9 - In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5,... In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents

CVE-2017-3137 [HIGH] CWE-617 CVE-2017-3137: Mistaken assumptions about the ordering of records in the answer section of a response containing CN Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc