ISC BIND vulnerabilities

189 known vulnerabilities affecting isc/bind.

Total CVEs: 189
CISA KEV: 0
Public exploits: 15
Exploited in wild: 2
Severity breakdown: CRITICAL 8, HIGH 98, MEDIUM 77, LOW 6

Vulnerabilities

Page 7 of 10
CVE-2012-5166 | HIGH | CVSS 7.8 | v9.0, v9.0.0, +52 more | 2012-10-10
CVE-2012-5166 [HIGH] CWE-189: ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
nvd
CVE-2012-4244 | HIGH | CVSS 7.8 | v9.0, v9.0.0, +53 more | 2012-09-14
CVE-2012-4244 [HIGH]: ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
nvd
CVE-2012-3817 | HIGH | CVSS 7.8 | v9.4, v9.4.0, +26 more | 2012-07-25
CVE-2012-3817 [HIGH] CWE-20: ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
nvd
CVE-2012-3868 | MEDIUM | CVSS 4.3 | v9.9.0, v9.9.1 | 2012-07-25
CVE-2012-3868 [MEDIUM] CWE-362: Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
nvd
CVE-2012-1667 | HIGH | CVSS 8.5 | v9.0, v9.0.0, +49 more | 2012-06-05
CVE-2012-1667 [HIGH] CWE-189: ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafte
nvd
CVE-2012-1033 | MEDIUM | CVSS 5.0 | v9.0, v9.0.1, +34 more | 2012-02-08
CVE-2012-1033 [MEDIUM]: The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
nvd
CVE-2011-4313 | MEDIUM | CVSS 5.0 | v9.0, v9.0.0, +47 more | 2011-11-29
CVE-2011-4313 [MEDIUM]: query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record
nvd
CVE-2011-2464 | MEDIUM | CVSS 5.0 | v9.6, v9.6.0, +10 more | 2011-07-08
CVE-2011-2464 [MEDIUM]: Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
nvd
CVE-2011-2465 | LOW | CVSS 2.6 | v9.8.0, v9.8.1 | 2011-07-08
CVE-2011-2465 [LOW]: Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
nvd
CVE-2011-1910 | MEDIUM | CVSS 5.0 | v9.0, v9.0.0, +45 more | 2011-05-31
CVE-2011-1910 [MEDIUM] CWE-189: Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
nvd
CVE-2011-1907 | MEDIUM | CVSS 5.0 | v9.8.0 | 2011-05-09
CVE-2011-1907 [MEDIUM] CWE-399: ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
nvd
CVE-2011-0414 | HIGH | CVSS 7.1 | v9.7.1, v9.7.2 | 2011-02-23
CVE-2011-0414 [HIGH] CWE-399: ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.
nvd
CVE-2010-3613 | MEDIUM | CVSS 4.0 | v9.6, v9.6.2, +3 more | 2010-12-06
CVE-2010-3613 [MEDIUM] CWE-264: named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
nvd
CVE-2010-3615 | MEDIUM | CVSS 5.0 | v9.7.2 | 2010-12-06
CVE-2010-3615 [MEDIUM] CWE-264: named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
nvd
CVE-2010-3614 | MEDIUM | CVSS 6.4 | v9.0, v9.0.0, +46 more | 2010-12-06
CVE-2010-3614 [MEDIUM] CWE-20: named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.
nvd
CVE-2010-3762 | MEDIUM | CVSS 4.3 | ≤ 9.7.2 | 2010-10-05
CVE-2010-3762 [MEDIUM] CWE-20: ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
nvd
CVE-2010-0218 | MEDIUM | CVSS 5.0 | v9.7.2 | 2010-10-05
CVE-2010-0218 [MEDIUM] CWE-264: ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
nvd
CVE-2010-0213 | LOW | CVSS 2.6 | v9.7.1 | 2010-07-28
CVE-2010-0213 [LOW] CWE-19: BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative
nvd
CVE-2010-0382 | HIGH | CVSS 7.6 | v9.0, v9.0.0, +37 more | 2010-01-22
CVE-2010-0382 [HIGH]: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regr
nvd
CVE-2010-0290 | MEDIUM | CVSS 4.0 | v9.0, v9.0.0, +37 more | 2010-01-22
CVE-2010-0290 [MEDIUM]: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME rec
nvd