cbcvebase.

Isc Bind9 vulnerabilities

128 known vulnerabilities affecting isc/bind9.

Total CVEs
128
CISA KEV
0
Public exploits
7
Exploited in wild
4
Severity breakdown
CRITICAL1HIGH73MEDIUM47LOW7

Vulnerabilities

Page 6 of 7
CVE-2011-1910P4MEDIUMCVSS 5.0≥ 0, < 1:9.8.1.dfsg-12011-05-31
CVE-2011-1910 [MEDIUM] CVE-2011-1910: Off-by-one error in named in ISC BIND 9 Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
osv
CVE-2007-0494P4MEDIUMCVSS 4.3≥ 0, < 1:9.3.4-22007-01-25
CVE-2007-0494 [MEDIUM] CVE-2007-0494: ISC BIND 9 ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
osv
CVE-2007-2925P4MEDIUMCVSS 5.8≥ 0, < 1:9.4.1-P1-12007-07-24
CVE-2007-2925 [MEDIUM] CVE-2007-2925: The default access control lists (ACL) in ISC BIND 9 The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
osv
CVE-2019-6471P4MEDIUMCVSS 5.9≥ 0, < 1:9.11.5.P4+dfsg-5.12019-10-09
CVE-2019-6471 [MEDIUM] CVE-2019-6471: A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 develo
osv
CVE-2019-6465P4MEDIUMCVSS 5.3≥ 0, < 1:9.11.5.P4+dfsg-12019-10-09
CVE-2019-6465 [MEDIUM] CVE-2019-6465: Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9 Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 de
osv
CVE-2012-1033P4MEDIUMCVSS 5.0≥ 0, < 1:9.8.1.dfsg.P1-4.12012-02-08
CVE-2012-1033 [MEDIUM] CVE-2012-1033: The resolver in ISC BIND 9 through 9 The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
osv
CVE-2011-4313P4MEDIUMCVSS 5.0≥ 0, < 1:9.8.1.dfsg.P1-12011-11-29
CVE-2011-4313 [MEDIUM] CVE-2011-4313: query query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
osv
CVE-2010-0097P4MEDIUMCVSS 4.3≥ 0, < 1:9.7.0.dfsg-12010-01-22
CVE-2010-0097 [MEDIUM] CVE-2010-0097: ISC BIND 9 ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
osv
CVE-2010-3615P4MEDIUMCVSS 5.0≥ 0, < 1:9.7.2.dfsg.P3-12010-12-06
CVE-2010-3615 [MEDIUM] CVE-2010-3615: named in ISC BIND 9 named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
osv
CVE-2022-0396P4MEDIUMCVSS 5.3≥ 0, < 1:9.16.27-1~deb11u1≥ 0, < 1:9.18.1-12022-03-23
CVE-2022-0396 [MEDIUM] CVE-2022-0396: BIND 9 BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
osv
CVE-2014-0591P4LOWCVSS 2.6≥ 0, < 1:9.9.5.dfsg-22014-01-14
CVE-2014-0591 [LOW] CVE-2014-0591: The query_findclosestnsec3 function in query The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
osv
CVE-2007-2241P4HIGHCVSS 7.1≥ 0, < 1:9.4.1-12007-05-02
CVE-2007-2241 [HIGH] CVE-2007-2241: Unspecified vulnerability in query Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
osv
CVE-2022-2795P4MEDIUMCVSS 5.3vOpen Source Branches 9.0 through 9.16 9.0.0 through versions before 9.16.33vOpen Source Branch 9.18 9.18.0 through versions before 9.18.7+3 more2022-09-21
CVE-2022-2795 [MEDIUM] CVE-2022-2795: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impa By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
nvdosv
CVE-2020-8624P4MEDIUMCVSS 4.3≥ 9.9.12, < unspecified≥ unspecified, ≤ 9.9.13+10 more2020-08-21
CVE-2020-8624 [MEDIUM] CWE-269 CVE-2020-8624: In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, a In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to upda
nvdosv
CVE-2018-5745P4MEDIUMCVSS 4.9≥ 0, < 1:9.11.5.P4+dfsg-12019-10-09
CVE-2018-5745 [MEDIUM] CVE-2018-5745: "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if,
osv
CVE-2020-8619P4MEDIUMCVSS 4.9v9.11.14 through versions before 9.11.20v9.16.0 through versions before 9.16.4+2 more2020-06-17
CVE-2020-8619 [MEDIUM] CWE-404 CVE-2020-8619: In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND S In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be enco
nvdosv
CVE-2020-8618P4MEDIUMCVSS 4.9v9.16.0 -> 9.16.32020-06-17
CVE-2020-8618 [MEDIUM] CWE-617 CVE-2020-8618: An attacker who is permitted to send zone data to a server via zone transfer can exploit this to int An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
nvdosv
CVE-2006-4096P4MEDIUMCVSS 5.0≥ 0, < 1:9.3.2-P1-12006-09-06
CVE-2006-4096 [MEDIUM] CVE-2006-4096: BIND before 9 BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
osv
CVE-2010-3613P4MEDIUMCVSS 4.0≥ 0, < 1:9.7.2.dfsg.P3-12010-12-06
CVE-2010-3613 [MEDIUM] CVE-2010-3613: named in ISC BIND 9 named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
osv
CVE-2017-3142P4LOWCVSS 3.7≥ 0, < 1:9.10.3.dfsg.P4-12.42019-01-16
CVE-2017-3142 [LOW] CVE-2017-3142: An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circ An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL pr
osv
Isc Bind9 vulnerabilities | cvebase