
ISC BIND vulnerabilities

195 known vulnerabilities affecting isc/bind.

Total CVEs: 195
CISA KEV: 0
Public exploits: 16
Exploited in wild: 4
Severity breakdown: CRITICAL 9, HIGH 100, MEDIUM 80, LOW 6

Vulnerabilities

Page 8 of 10
CVE-2007-0494 | P4 | MEDIUM | CVSS 4.3 | v9.0, v9.0.0, +20 more | 2007-01-25
CVE-2007-0494 [MEDIUM] CWE-19: ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
nvd
CVE-2007-2925 | P4 | MEDIUM | CVSS 5.8 | v9.4.0, v9.4.1, +1 more | 2007-07-24
CVE-2007-2925 [MEDIUM]: The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
nvd
CVE-2002-0684 | P4 | HIGH | CVSS 7.5 | v4.9.8 | 2002-08-12
CVE-2002-0684 [HIGH]: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
nvd
CVE-2019-6471 | P4 | MEDIUM | CVSS 5.9 | ≥ 9.11.0, ≤ 9.11.7; ≥ 9.12.0, ≤ 9.12.3; +6 more | 2019-10-09
CVE-2019-6471 [MEDIUM] CWE-362: A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported
nvd
CVE-2019-6465 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.9.0, ≤ 9.10.7; ≥ 9.11.0, ≤ 9.11.4; +6 more | 2019-10-09
CVE-2019-6465 [MEDIUM] CWE-732: Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. V
nvd
CVE-2012-1033 | P4 | MEDIUM | CVSS 5.0 | v9.0, v9.0.1, +34 more | 2012-02-08
CVE-2012-1033 [MEDIUM]: The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
nvd
CVE-2011-4313 | P4 | MEDIUM | CVSS 5.0 | v9.0, v9.0.0, +47 more | 2011-11-29
CVE-2011-4313 [MEDIUM]: query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record
nvd
CVE-2015-8461 | P4 | HIGH | CVSS 7.1 | v8.4.7, v9.0, +62 more | 2015-12-16
CVE-2015-8461 [HIGH] CWE-362: Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
nvd
CVE-2010-0097 | P4 | MEDIUM | CVSS 4.3 | v9.0, v9.0.0, +38 more | 2010-01-22
CVE-2010-0097 [MEDIUM] CWE-20: ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
nvd
CVE-2026-3592 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.11.0, ≤ 9.16.50; ≥ 9.18.0, < 9.18.49; +2 more | 2026-05-20
CVE-2026-3592 [MEDIUM] CWE-408: BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9
nvd
CVE-2013-5661 | P4 | MEDIUM | CVSS 5.9 | ≥ 9.8.0, ≤ 9.9.0 | 2019-11-05
CVE-2013-5661 [MEDIUM] CWE-290: Cache Poisoning issue exists in DNS Response Rate Limiting.
nvd
CVE-2014-3214 | P4 | MEDIUM | CVSS 5.0 | v9.10.0 | 2014-05-09
CVE-2014-3214 [MEDIUM] CWE-20: The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
nvd
CVE-2014-8680 | P4 | MEDIUM | CVSS 5.4 | v9.10.0, v9.10.1 | 2014-12-11
CVE-2014-8680 [MEDIUM] CWE-20: The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
nvd
CVE-2010-3615 | P4 | MEDIUM | CVSS 5.0 | v9.7.2 | 2010-12-06
CVE-2010-3615 [MEDIUM] CWE-264: named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.
nvd
CVE-2022-0396 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.16.11, < 9.16.27; ≥ 9.17.0, ≤ 9.18.0; +4 more | 2022-03-23
CVE-2022-0396 [MEDIUM] CWE-404: BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
nvd
CVE-1999-1499 | P4 | LOW | CVSS 2.1 | PoC | v4.9, v8.1 | 1998-04-10
CVE-1999-1499 [LOW]: named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.
nvd
CVE-2014-0591 | P4 | LOW | CVSS 2.6 | v9.6, v9.6.0, +19 more | 2014-01-14
CVE-2014-0591 [LOW] CWE-119: The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.
nvd
CVE-2014-3859 | P4 | MEDIUM | CVSS 5.0 | v9.10.0 | 2014-06-13
CVE-2014-3859 [MEDIUM] CWE-20: libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
nvd
CVE-2007-2241 | P4 | HIGH | CVSS 7.1 | v9.4.0, v9.5.0 | 2007-05-02
CVE-2007-2241 [HIGH]: Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.
nvd
CVE-2022-2795 | P4 | MEDIUM | CVSS 5.3 | ≥ 9.0.0, < 9.16.33; ≥ 9.18.0, < 9.18.7; +24 more | 2022-09-21
CVE-2022-2795 [MEDIUM]: By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
nvd