cbcvebase.

Isc Bind vulnerabilities

195 known vulnerabilities affecting isc/bind.

Total CVEs
195
CISA KEV
0
Public exploits
16
Exploited in wild
4
Severity breakdown
CRITICAL9HIGH100MEDIUM80LOW6

Vulnerabilities

Page 5 of 10
CVE-2008-0122P3CRITICALCVSS 10.0≤ 9.4.22008-01-16
CVE-2008-0122 [CRITICAL] CWE-189 CVE-2008-0122: Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in l Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
nvd
CVE-2001-0013P3CRITICALCVSS 10.0v4.9.3v4.9.5+2 more2001-02-12
CVE-2001-0013 [CRITICAL] CVE-2001-0013: Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain r Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
nvd
CVE-2020-8620P3HIGHCVSS 7.5≥ 9.15.6, ≤ 9.16.5≥ 9.17.0, ≤ 9.17.3+4 more2020-08-21
CVE-2020-8620 [HIGH] CWE-617 CVE-2020-8620: In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.
nvd
CVE-2021-25218P3HIGHCVSS 7.5v9.16.19v9.17.162021-08-18
CVE-2021-25218 [HIGH] CWE-617 CVE-2021-25218: In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerab In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported
nvdosv
CVE-2001-0011P3CRITICALCVSS 10.0v4.9.3v4.9.5+2 more2001-02-12
CVE-2001-0011 [CRITICAL] CVE-2001-0011: Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileg Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
nvd
CVE-2017-3135P3MEDIUMCVSS 5.9v9.9.3v9.9.8+7 more2019-01-16
CVE-2017-3135 [MEDIUM] CWE-476 CVE-2017-3135: Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.
nvd
CVE-2022-1183P3HIGHCVSS 7.5≥ 9.18.0, ≤ 9.18.2v9.19.02022-05-19
CVE-2022-1183 [HIGH] CWE-617 CVE-2022-1183: On vulnerable configurations, the named daemon may, in some circumstances, terminate with an asserti On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affec
nvd
CVE-2020-8621P3HIGHCVSS 7.5≥ 9.14.0, ≤ 9.16.5≥ 9.17.0, ≤ 9.17.32020-08-21
CVE-2020-8621 [HIGH] CWE-617 CVE-2020-8621: In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization a In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
nvd
CVE-2016-2088P3MEDIUMCVSS 6.8v9.10.0v9.10.1+2 more2016-03-09
CVE-2016-2088 [MEDIUM] CWE-20 CVE-2016-2088: resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
nvd
CVE-2010-0382P3HIGHCVSS 7.6v9.0v9.0.0+37 more2010-01-22
CVE-2010-0382 [HIGH] CVE-2010-0382: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7 ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regr
nvd
CVE-2023-5679P3HIGHCVSS 7.5≥ 9.16.12, ≤ 9.16.45≥ 9.18.0, ≤ 9.18.21+12 more2024-02-13
CVE-2023-5679 [HIGH] CWE-617 CVE-2023-5679: A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
nvdosv
CVE-2023-2829P3HIGHCVSS 7.5≥ 9.16.8, ≤ 9.16.41≥ 9.18.11, ≤ 9.18.152023-06-21
CVE-2023-2829 [HIGH] CVE-2023-2829: A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive U A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
nvd
CVE-2018-5736P3MEDIUMCVSS 5.3v9.12.0v9.12.12019-01-16
CVE-2018-5736 [MEDIUM] CWE-617 CVE-2018-5736: An error in zone database reference counting can lead to an assertion failure if a server which is r An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sendi
nvdosv
CVE-2019-6477P3HIGHCVSS 7.5≥ 9.11.7, ≤ 9.11.12≥ 9.14.1, ≤ 9.14.7+5 more2019-11-26
CVE-2019-6477 [HIGH] CWE-400 CVE-2019-6477: With pipelining enabled each incoming query on a TCP connection requires a similar resource allocati With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined
nvd
CVE-2013-6230P3MEDIUMCVSS 6.8v9.6v9.8.0+11 more2013-11-08
CVE-2013-6230 [MEDIUM] CWE-264 CVE-2013-6230: The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ES The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restriction
nvd
CVE-2020-8622P3MEDIUMCVSS 6.5≥ 9.0.0, ≤ 9.11.21≥ 9.12.0, ≤ 9.16.5+3 more2020-08-21
CVE-2020-8622 [MEDIUM] CWE-617 CVE-2020-8622: In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the se
nvd
CVE-2023-6516P3HIGHCVSS 7.5≥ 9.16.0, ≤ 9.16.45v9.16.8+9 more2024-02-13
CVE-2023-6516 [HIGH] CWE-770 CVE-2023-6516: To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the res
nvdosv
CVE-2026-3119P3MEDIUMCVSS 6.5≥ 9.20.0, < 9.20.21≥ 9.21.0, < 9.21.202026-03-25
CVE-2026-3119 [MEDIUM] CWE-617 CVE-2026-3119: Under certain conditions, `named` may crash when processing a correctly signed query containing a TK Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.2
nvdosv
CVE-2021-25214P3MEDIUMCVSS 6.5≥ 9.8.5, ≤ 9.8.8≥ 9.9.3, < 9.11.31+19 more2021-04-29
CVE-2021-25214 [MEDIUM] CWE-617 CVE-2021-25214: In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the
nvd
CVE-2019-6468P3HIGHCVSS 7.5v9.10.5v9.11.52019-10-09
CVE-2019-6468 [HIGH] CWE-617 CVE-2019-6468: In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions w In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-
nvd
Isc Bind vulnerabilities | cvebase