ISC BIND vulnerabilities
195 known vulnerabilities affecting isc/bind.
Total CVEs: 195
CISA KEV: 0
Public exploits: 16
Exploited in wild: 4
Severity breakdown: CRITICAL 9, HIGH 100, MEDIUM 80, LOW 6
Vulnerabilities
Page 9 of 10
CVE-2023-5680 | P4 | MEDIUM | CVSS 5.3 | v9.11.3, v9.11.4 +22 more | 2024-02-13
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
nvd, osv
CVE-2020-8624 | P4 | MEDIUM | CVSS 4.3 | CWE-269 | ≥ 9.9.12, ≤ 9.9.13; ≥ 9.10.7, ≤ 9.10.8 +7 more | 2020-08-21
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to upda
nvd
CVE-2016-1284 | P4 | MEDIUM | CVSS 5.9 | CWE-20 | v9.9.8 | 2016-02-04
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.
nvd
CVE-2005-0033 | P4 | MEDIUM | CVSS 5.0 | v8.4.4, v8.4.5 | 2005-05-02
Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.
nvd
CVE-2018-5745 | P4 | MEDIUM | CVSS 4.9 | CWE-327 | ≥ 9.9.0, ≤ 9.10.7; ≥ 9.11.0, ≤ 9.11.4 +7 more | 2019-10-09
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys
nvd
CVE-2020-8619 | P4 | MEDIUM | CVSS 4.9 | CWE-404 | ≥ 9.11.14, ≤ 9.11.19; ≥ 9.11.14-s1, ≤ 9.11.19-s1 +2 more | 2020-06-17
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be enco
nvd
CVE-2020-8618 | P4 | MEDIUM | CVSS 4.9 | CWE-617 | ≥ 9.16.0, ≤ 9.16.3 | 2020-06-17
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
nvd
CVE-2010-0290 | P4 | MEDIUM | CVSS 4.0 | v9.0, v9.0.0 +37 more | 2010-01-22
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME rec
nvd
CVE-2006-4096 | P4 | MEDIUM | CVSS 5.0 | v9.2.0, v9.2.1 +9 more | 2006-09-06
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
nvd
CVE-2002-2211 | P4 | MEDIUM | CVSS 5.0 | v4.9, v4.9.2 +21 more | 2002-12-31
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient
nvd
CVE-2010-3613 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v9.6, v9.6.2 +3 more | 2010-12-06
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
nvd
CVE-2017-3142 | P4 | LOW | CVSS 3.7 | CWE-20 | ≥ 9.4.0, ≤ 9.8.8; ≥ 9.9.0, ≤ 9.9.10 +7 more | 2019-01-16
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providi
nvd
CVE-2010-0218 | P4 | MEDIUM | CVSS 5.0 | CWE-264 | v9.7.2 | 2010-10-05
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
nvd
CVE-1999-0837 | P4 | CRITICAL | CVSS 10.0 | v8.2, v8.2.1 | 1999-11-10
Denial of service in BIND by improperly closing TCP sessions via so_linger.
nvd
CVE-2010-3762 | P4 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 9.7.2 | 2010-10-05
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
nvd
CVE-2011-1907 | P4 | MEDIUM | CVSS 5.0 | CWE-399 | v9.8.0 | 2011-05-09
ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
nvd
CVE-2002-0400 | P4 | MEDIUM | CVSS 5.0 | v9.0, v9.1 +4 more | 2002-06-18
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
nvd
CVE-2006-2073 | P4 | MEDIUM | CVSS 5.0 | v9.0, v9.0.1 +11 more | 2006-04-27
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
nvd
CVE-2000-0888 | P4 | MEDIUM | CVSS 5.0 | v8.2, v8.2.1 +1 more | 2000-12-19
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
nvd
CVE-2005-0034 | P4 | MEDIUM | CVSS 4.3 | v9.3.0 | 2005-05-02
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
nvd