ISC BIND vulnerabilities
195 known vulnerabilities affecting isc/bind.
Total CVEs: 195
CISA KEV: 0
Public exploits: 16
Exploited in wild: 4
Severity breakdown
CRITICAL 9, HIGH 100, MEDIUM 80, LOW 6
Vulnerabilities
Page 6 of 10
CVE-2006-0527 | P3 | HIGH | CVSS 7.5 | CWE-264 | v4, v8 | 2006-02-02
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.
nvd
CVE-2022-2906 | P3 | HIGH | CVSS 7.5 | CWE-401 | ≥ 9.18.0, < 9.18.7; ≥ 9.19.0, < 9.19.5 | 2022-09-21
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
nvd
CVE-2022-3080 | P3 | HIGH | CVSS 7.5 | CWE-613 | ≥ 9.16.14, < 9.16.33; ≥ 9.18.0, < 9.18.7; +4 more | 2022-09-21
By sending specific queries to the resolver, an attacker can cause named to crash.
nvd
CVE-2017-3136 | P3 | MEDIUM | CVSS 5.9 | CWE-617 | ≥ 9.8.0, ≤ 9.8.8; ≥ 9.9.0, ≤ 9.9.9; +9 more | 2019-01-16
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6,
nvd
CVE-2018-5741 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | fixed in 9.11.5; ≥ 9.12.0, < 9.12.3 | 2019-01-16
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not init
nvd
CVE-2015-8704 | P3 | MEDIUM | CVSS 6.5 | CWE-20 | v9.0, v9.0.1, +33 more | 2016-01-20
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
nvd
CVE-2012-5688 | P3 | HIGH | CVSS 7.8 | CWE-20 | v9.8.0, v9.8.1, +4 more | 2012-12-06
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
nvd
CVE-2009-0025 | P3 | MEDIUM | CVSS 6.8 | v9.0, v9.0.0, +22 more | 2009-01-07
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
nvd
CVE-2015-1349 | P3 | MEDIUM | CVSS 5.4 | CWE-399 | v9.7.0, v9.7.1, +24 more | 2015-02-19
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
nvd
CVE-2019-6476 | P3 | HIGH | CVSS 7.5 | CWE-617 | ≥ 9.14.0, ≤ 9.14.6; ≥ 9.15.0, ≤ 9.15.4 | 2019-10-17
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
nvd, osv
CVE-2019-6469 | P3 | HIGH | CVSS 7.5 | CWE-617 | v9.10.5, v9.11.6 | 2019-10-09
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.
nvd
CVE-2018-5742 | P3 | HIGH | CVSS 7.5 | CWE-617 | ≥ 9.9.4-65, ≤ 9.9.4-72 | 2019-10-30
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.
nvd
CVE-2022-0635 | P3 | HIGH | CVSS 7.5 | CWE-617 | v9.18.0, vOpen Source Branch 9.18 9.18.0 | 2022-03-23
Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
nvd
CVE-2015-8705 | P3 | HIGH | CVSS 7.0 | CWE-20 | v9.0, v9.0.1, +33 more | 2016-01-20
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.
nvd
CVE-2002-1219 | P3 | HIGH | CVSS 7.5 | v4.9.5, v4.9.6, +15 more | 2002-11-29
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
nvd
CVE-1999-0848 | P4 | MEDIUM | CVSS 5.0 | PoC | v8.2, v8.2.1 | 1999-11-10
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
nvd
CVE-2021-25219 | P3 | MEDIUM | CVSS 5.3 | ≥ 9.3.0, < 9.11.36; ≥ 9.12.0, < 9.16.22; +20 more | 2021-10-27
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance.
nvd
CVE-2022-38177 | P3 | HIGH | CVSS 7.5 | CWE-401 | ≥ 9.8.4, ≤ 9.16.32; v9.9.3; +22 more | 2022-09-21
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
nvd
CVE-2010-3614 | P3 | MEDIUM | CVSS 6.4 | CWE-20 | v9.0, v9.0.0, +46 more | 2010-12-06
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
nvd
CVE-2022-38178 | P3 | HIGH | CVSS 7.5 | CWE-401 | ≥ 9.9.12, ≤ 9.9.13; ≥ 9.10.7, ≤ 9.10.8; +19 more | 2022-09-21
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
nvd