cbcvebase.

Isc Bind9 vulnerabilities

128 known vulnerabilities affecting isc/bind9.

Total CVEs
128
CISA KEV
0
Public exploits
7
Exploited in wild
4
Severity breakdown
CRITICAL1HIGH73MEDIUM47LOW7

Vulnerabilities

Page 3 of 7
CVE-2016-9147P3HIGHCVSS 7.5≥ 0, < 1:9.10.3.dfsg.P4-112017-01-12
CVE-2016-9147 [HIGH] CVE-2016-9147: named in ISC BIND 9 named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
osv
CVE-2016-9444P3HIGHCVSS 7.5≥ 0, < 1:9.10.3.dfsg.P4-112017-01-12
CVE-2016-9444 [HIGH] CVE-2016-9444: named in ISC BIND 9 named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
osv
CVE-2020-8623P3HIGHCVSS 7.5≥ 9.10.0, < unspecified≥ unspecified, < 9.11.22+5 more2020-08-21
CVE-2020-8623 [HIGH] CWE-617 CVE-2020-8623: In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signin
nvdosv
CVE-2023-3341P3HIGHCVSS 7.5≥ 0, < 1:9.16.44-1~deb11u1≥ 0, < 1:9.18.19-1~deb12u1+1 more2023-09-20
CVE-2023-3341 [HIGH] CVE-2023-3341: The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly
osv
CVE-2017-3143P3MEDIUMCVSS 5.9≥ 0, < 1:9.10.3.dfsg.P4-12.42019-01-16
CVE-2017-3143 [MEDIUM] CVE-2017-3143: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and se An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1
osv
CVE-2016-6170P3MEDIUMCVSS 6.5≥ 0, < 1:9.10.6+dfsg-12016-07-06
CVE-2016-6170 [MEDIUM] CVE-2016-6170: ISC BIND through 9 ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.
osv
CVE-2026-1519P3HIGHCVSS 7.5≥ 0, < 1:9.18.39-0ubuntu0.22.04.3≥ 0, < 1:9.18.39-0ubuntu0.24.04.3+1 more2026-03-25
CVE-2026-1519 [HIGH] bind9 vulnerabilities bind9 vulnerabilities Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. (CVE-2026-1519) Vitaly Simonovich discovered that Bind incorrectly handled memory when preparing DNSSEC proofs of non-existence. A remote attacker could possibly use this issue to cause memory consump
osv
CVE-2007-2926P4MEDIUMCVSS 4.3PoC≥ 0, < 1:9.4.1-P1-12007-07-24
CVE-2007-2926 [MEDIUM] CVE-2007-2926: ISC BIND 9 through 9 ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning.
osv
CVE-2024-0760P3HIGHCVSS 7.5≥ 0, < 1:9.18.28-1~deb12u1≥ 0, < 1:9.20.0-12024-07-23
CVE-2024-0760 [HIGH] CVE-2024-0760: A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1
osv
CVE-2018-5743P3HIGHCVSS 7.5≥ 0, < 1:9.11.5.P4+dfsg-42019-10-09
CVE-2018-5743 [HIGH] CVE-2018-5743: By design, BIND is intended to limit the number of TCP clients that can be connected at any given time By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploit
osv
CVE-2023-2828P3HIGHCVSS 7.5≥ 0, < 1:9.16.42-1~deb11u1≥ 0, < 1:9.18.16-1~deb12u1+1 more2023-06-21
CVE-2023-2828 [HIGH] CVE-2023-2828: Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90
osv
CVE-2024-1975P3HIGHCVSS 7.5≥ 0, < 1:9.16.50-1~deb11u1≥ 0, < 1:9.18.28-1~deb12u1+1 more2024-07-23
CVE-2024-1975 [HIGH] CVE-2024-1975: If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cac If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 thr
osv
CVE-2015-8000P3MEDIUMCVSS 5.0≥ 0, < 1:9.9.5.dfsg-12.12015-12-16
CVE-2015-8000 [MEDIUM] CVE-2015-8000: db db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
osv
CVE-2017-3137P3MEDIUMCVSS 5.9≥ 0, < 1:9.9.5.dfsg-3ubuntu0.14≥ 0, < 1:9.10.3.dfsg.P4-8ubuntu1.62017-04-17
CVE-2017-3137 [MEDIUM] bind9 vulnerabilities bind9 vulnerabilities It was discovered that the resolver in Bind made incorrect assumptions about ordering when processing responses containing a CNAME or DNAME. An attacker could use this cause a denial of service. (CVE-2017-3137) Oleg Gorokhov discovered that in some situations, Bind did not properly handle DNS64 queries. An attacker could use this to cause a denial of service. (CVE-2017-3136) Mike Lalumiere discovered that in some situations, B
osv
CVE-2023-2911P3HIGHCVSS 7.5≥ 0, < 1:9.16.42-1~deb11u1≥ 0, < 1:9.18.16-1~deb12u1+1 more2023-06-21
CVE-2023-2911 [HIGH] CVE-2023-2911: If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.
osv
CVE-2024-1737P3HIGHCVSS 7.5≥ 0, < 1:9.10.3.dfsg.P4-8ubuntu1.19+esm92024-08-15
CVE-2024-1737 [HIGH] bind9 vulnerabilities bind9 vulnerabilities USN-6909-1 fixed vulnerabilities in Bind. This update provides the corresponding updates for Ubuntu 16.04 LTS. Original advisory details: Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1737) It was discovered that Bind incorrectly
osv
CVE-2024-4076P3HIGHCVSS 7.5≥ 0, < 1:9.16.50-1~deb11u1≥ 0, < 1:9.18.28-1~deb12u1+1 more2024-07-23
CVE-2024-4076 [HIGH] CVE-2024-4076: Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and
osv
CVE-2026-3104P3HIGHCVSS 7.5≥ 0, < 1:9.20.21-1~deb13u1≥ 0, < 1:9.20.21-12026-03-25
CVE-2026-3104 [HIGH] CVE-2026-3104: A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
osv
CVE-2018-5744P3HIGHCVSS 7.5≥ 0, < 1:9.9.5.dfsg-3ubuntu0.19≥ 0, < 1:9.10.3.dfsg.P4-8ubuntu1.12+1 more2019-02-22
CVE-2018-5744 [HIGH] bind9 vulnerabilities bind9 vulnerabilities Toshifumi Sakaguchi discovered that Bind incorrectly handled memory. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-5744) It was discovered that Bind incorrectly handled certain trust anchors when used with the "managed-keys" feature. A remote attacker could possibly use this issue to cause Bi
osv
CVE-2023-4236P3HIGHCVSS 7.5≥ 0, < 1:9.18.19-1~deb12u1≥ 0, < 1:9.19.17-12023-09-20
CVE-2023-4236 [HIGH] CVE-2023-4236: A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S
osv
Isc Bind9 vulnerabilities | cvebase