ISC BIND vulnerabilities
195 known vulnerabilities affecting isc/bind.
Total CVEs: 195
CISA KEV: 0
Public exploits: 16
Exploited in wild: 4
Severity breakdown: CRITICAL 9 | HIGH 100 | MEDIUM 80 | LOW 6
Vulnerabilities
Page 1 of 10
CVE-2016-2776 | P1 | HIGH | CVSS 7.5 | CWE-20 | Exploited | PoC | ≤ 9.9.9; v9.10.0; +5 more | 2016-09-28
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
nvd
CVE-2015-5477 | P2 | HIGH | CVSS 7.8 | CWE-19 | Exploited | PoC | ≤ 9.9.7; ≤ 9.10.2 | 2015-07-29
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
nvd
CVE-2009-0696 | P2 | MEDIUM | CVSS 4.3 | CWE-16 | Exploited | PoC | v9.4; v9.4.0; +8 more | 2009-07-29
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
nvd
CVE-2013-4854 | P2 | HIGH | CVSS 7.8 | Exploited | v9.7.0; v9.7.1; +17 more | 2013-07-29
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during c
nvd
CVE-2008-1447 | P2 | MEDIUM | CVSS 6.8 | CWE-331 | PoC | v4; v8; +1 more | 2008-07-08
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resol
nvd
CVE-2020-8617 | P2 | MEDIUM | CVSS 5.9 | CWE-617 | PoC | ≥ 9.0.0, ≤ 9.11.18; ≥ 9.12.0, ≤ 9.12.4; +14 more | 2020-05-19
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIN
nvd
CVE-2021-25216 | P2 | CRITICAL | CVSS 9.8 | CWE-125 | ≥ 9.0.0, < 9.11.31; ≥ 9.12.0, < 9.16.15; +18 more | 2021-04-29
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a
nvd
CVE-2001-0010 | P3 | CRITICAL | CVSS 10.0 | PoC | v8.2; v8.2.1; +1 more | 2001-02-12
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
nvd
CVE-2020-8625 | P2 | HIGH | CVSS 8.1 | CWE-120 | ≥ 9.5.0, ≤ 9.11.27; ≥ 9.12.0, ≤ 9.16.11; +11 more | 2021-02-17
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration option
nvd
CVE-2023-50387 | P3 | HIGH | CVSS 7.5 | CWE-770 | ≥ 9.0.0, ≤ 9.16.46; ≥ 9.18.0, ≤ 9.18.22; +1 more | 2024-02-14
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al
nvd
CVE-2023-50868 | P3 | HIGH | CVSS 7.5 | CWE-400 | ≥ 9.0.0, < 9.16.48; ≥ 9.9.3, < 9.16.48; +3 more | 2024-02-14
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iter
nvd
CVE-2018-5740 | P2 | HIGH | CVSS 7.5 | CWE-617 | ≥ 9.7.0, < 9.8.8; ≥ 9.9.0, < 9.9.13; +4 more | 2019-01-16
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND
nvd
CVE-2016-1286 | P3 | HIGH | CVSS 8.6 | ≥ 9.0.0, < 9.9.8; ≥ 9.10.0, < 9.10.3; +2 more | 2016-03-09
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
nvd
CVE-1999-0009 | P3 | CRITICAL | CVSS 10.0 | PoC | v4.9.6; v8.1; +1 more | 1998-04-08
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
nvd
CVE-2022-3736 | P3 | HIGH | CVSS 7.5 | CWE-20 | ≥ 9.16.12, < 9.16.37; ≥ 9.18.0, < 9.18.11; +7 more | 2023-01-26
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
nvd, osv
CVE-2017-3141 | P3 | HIGH | CVSS 7.8 | CWE-428 | PoC | ≥ 9.2.6, ≤ 9.2.9; ≥ 9.3.2, ≤ 9.3.6; +6 more | 2019-01-16
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
nvd, osv
CVE-2006-0987 | P4 | MEDIUM | CVSS 5.0 | PoC | v9.3.2 | 2006-03-03
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
nvd
CVE-2000-1029 | P3 | CRITICAL | CVSS 10.0 | PoC | v8.1 | 2000-12-11
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
nvd
CVE-2026-3593 | P2 | CRITICAL | CVSS 9.8 | CWE-416 | ≥ 9.20.0, < 9.20.23; ≥ 9.21.0, < 9.21.22 | 2026-05-20
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.
nvd
CVE-2014-8500 | P3 | HIGH | CVSS 7.8 | CWE-399 | v9.0; v9.0.1; +61 more | 2014-12-11
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
nvd