isc bind

174 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-50868
>= 9.0.0 and < 9.16.48
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to c
7.5HIGH
CVE-2023-50387
>= 9.0.0 and <= 9.16.46
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a den
7.5HIGH
CVE-2023-6516
>= 9.16.0 and <= 9.16.45
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It u
7.5HIGH
CVE-2023-5680
all versions
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database no
5.3MEDIUM
CVE-2023-5679
>= 9.16.12 and <= 9.16.45
A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution,
7.5HIGH
CVE-2023-5517
>= 9.12.0 and <= 9.16.45
A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - `nxdomain-redirect <domai
7.5HIGH
CVE-2023-4408
>= 9.0.0 and <= 9.16.45
The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause proble
7.5HIGH
CVE-2023-4236
>= 9.18.0 and < 9.18.18
A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failur
7.5HIGH
CVE-2023-3341
>= 9.2.0 and < 9.16.44
The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recurs
7.5HIGH
CVE-2023-2911
>= 9.16.33 and <= 9.16.41
If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and `stale-answer
7.5HIGH
CVE-2023-2829
>= 9.16.8 and <= 9.16.41
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (
7.5HIGH
CVE-2023-2828
>= 9.11.0 and <= 9.16.41
Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries i
7.5HIGH
CVE-2022-3924
>= 9.16.12 and < 9.16.37
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option `stale-answer-client-timeo
7.5HIGH
CVE-2022-3736
>= 9.16.12 and < 9.16.37
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positiv
7.5HIGH
CVE-2022-3488
all versions
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken
7.5HIGH
CVE-2022-3094
>= 9.16.0 and < 9.16.37
Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to
7.5HIGH
CVE-2022-3080
>= 9.16.14 and < 9.16.33
By sending specific queries to the resolver, an attacker can cause named to crash.
7.5HIGH
CVE-2022-38178
>= 9.9.12 and <= 9.9.13
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.
7.5HIGH
CVE-2022-38177
>= 9.8.4 and <= 9.16.32
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.
7.5HIGH
CVE-2022-2906
>= 9.18.0 and < 9.18.7
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upo
7.5HIGH
CVE-2022-2881
>= 9.18.0 and < 9.18.7
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
5.5MEDIUM
CVE-2022-2795
>= 9.0.0 and < 9.16.33
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance,
5.3MEDIUM
CVE-2022-1183
>= 9.18.0 and <= 9.18.2
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configu
7.5HIGH
CVE-2021-25220
>= 9.11.0 and < 9.11.37
BIND 9.11.0 - 9.11.36 9.12.0 - 9.16.26 9.17.0 - 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1 9.16.8-S1 - 9.16.26
6.8MEDIUM
CVE-2022-0635
all versions
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will ev
7.5HIGH
CVE-2022-0396
>= 9.17.0 and <= 9.18.0
BIND 9.16.11 - 9.16.26, 9.17.0 - 9.18.0 and versions 9.16.11-S1 - 9.16.26-S1 of the BIND Supported Preview Edition. Specifically c
5.3MEDIUM
CVE-2022-0667
all versions
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
7.5HIGH
CVE-2021-25219
>= 9.3.0 and < 9.11.36
In BIND 9.3.0 - 9.11.35, 9.12.0 - 9.16.21, and versions 9.9.3-S1 - 9.11.35-S1 and 9.16.8-S1 - 9.16.21-S1 of BIND Supported Preview
5.3MEDIUM
CVE-2021-25218
all versions
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a
7.5HIGH
CVE-2021-25216
>= 9.0.0 and < 9.11.31
In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported P
8.1HIGH
CVE-2021-25215
>= 9.0.0 and < 9.11.31
In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Pr
7.5HIGH
CVE-2021-25214
>= 9.8.5 and <= 9.8.8
In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BI
6.5MEDIUM
CVE-2020-8625
>= 9.5.0 and <= 9.11.27
BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuratio
8.1HIGH
CVE-2020-8624
>= 9.9.12 and <= 9.9.13
In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1,
4.3MEDIUM
CVE-2020-8623
>= 9.10.0 and <= 9.11.21
In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Ed
7.5HIGH
CVE-2020-8622
>= 9.0.0 and <= 9.11.21
In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edit
6.5MEDIUM
CVE-2020-8621
>= 9.14.0 and <= 9.16.5
In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attac
7.5HIGH
CVE-2020-8620
>= 9.15.6 and <= 9.16.5
In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that con
7.5HIGH
CVE-2020-8619
>= 9.11.14 and <= 9.11.19
In ISC BIND9 versions BIND 9.11.14 - 9.11.19, BIND 9.14.9 - 9.14.12, BIND 9.16.0 - 9.16.3, BIND Supported Preview Edition 9.11.14-
4.9MEDIUM
CVE-2020-8618
>= 9.16.0 and <= 9.16.3
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the asserti
4.9MEDIUM
CVE-2020-8617
>= 9.0.0 and <= 9.11.18
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker
7.5HIGH
CVE-2020-8616
>= 9.0.0 and <= 9.11.18
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing
8.6HIGH
CVE-2019-6477
>= 9.11.7 and <= 9.11.12
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP
7.5HIGH
CVE-2013-5661
>= 9.8.0 and <= 9.9.0
Cache Poisoning issue exists in DNS Response Rate Limiting.
5.9MEDIUM
CVE-2018-5742
>= 9.9.4-65 and <= 9.9.4-72
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420.
7.5HIGH
CVE-2019-6476
>= 9.14.0 and <= 9.14.6
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a re
5.9MEDIUM
CVE-2019-6475
>= 9.14.0 and <= 9.14.6
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is simi
5.9MEDIUM
CVE-2019-6471
>= 9.11.0 and <= 9.11.7
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure i
5.9MEDIUM
CVE-2019-6469
all versions
An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when pro
7.5HIGH
CVE-2019-6468
all versions
In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subne
7.5HIGH
CVE-2019-6467
>= 9.12.0 and <= 9.12.4
A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by
7.5HIGH
CVE-2019-6465
>= 9.9.0 and <= 9.10.7
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions af
5.3MEDIUM
CVE-2018-5745
>= 9.9.0 and <= 9.10.7
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators
4.9MEDIUM
CVE-2018-5744
>= 9.10.7 and < 9.10.8
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are:
7.5HIGH
CVE-2018-5743
>= 9.9.0 and <= 9.10.8
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed conn
7.5HIGH
CVE-2018-5741
< 9.11.5
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature
6.5MEDIUM
CVE-2018-5740
>= 9.7.0 and < 9.8.8
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding
7.5HIGH
CVE-2018-5738
all versions
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting
5.3MEDIUM
CVE-2018-5737
all versions
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even wh
5.9MEDIUM
CVE-2018-5736
all versions
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of
5.3MEDIUM
CVE-2018-5734
all versions
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the
7.5HIGH
CVE-2017-3145
>= 9.4.0 and <= 9.8.8
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free
7.5HIGH
CVE-2017-3143
>= 9.4.0 and <= 9.8.8
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
7.5HIGH
CVE-2017-3142
>= 9.4.0 and <= 9.8.8
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name
5.3MEDIUM
CVE-2017-3141
>= 9.2.6 and <= 9.2.9
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the h
7.2HIGH
CVE-2017-3140
>= 9.11.0 and <= 9.11.1
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND w
3.7LOW
CVE-2017-3138
all versions
named contains a feature which allows operators to issue commands to a running server by communicating with the server process ove
6.5MEDIUM
CVE-2017-3137
all versions
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records
7.5HIGH
CVE-2017-3136
>= 9.8.0 and <= 9.8.8
A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. A
5.9MEDIUM
CVE-2017-3135
all versions
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent sta
7.5HIGH
CVE-2016-9778
all versions
An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover
7.5HIGH
CVE-2016-9444
all versions
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a den
7.5HIGH
CVE-2016-9147
all versions
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion fai
7.5HIGH
CVE-2016-9131
>= 9.0 and <= 9.9.8
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a den
7.5HIGH
CVE-2016-8864
>= 9.0.0 and < 9.9.9
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a den
7.5HIGH
CVE-2016-2848
all versions
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure
7.5HIGH
CVE-2016-2776
<= 9.9.9
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct
7.5HIGH
CVE-2016-2775
>= 9.0 and <= 9.9.8
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enable
5.9MEDIUM
CVE-2016-6170
>= 9.0 and <= 9.9.8
ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of s
6.5MEDIUM
CVE-2016-2088
all versions
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial o
6.8MEDIUM
CVE-2016-1286
>= 9.0.0 and < 9.9.8
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion
8.6HIGH
CVE-2016-1285
>= 9.0.0 and < 9.9.8
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply
6.8MEDIUM
CVE-2016-1284
all versions
rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attac
5.9MEDIUM
CVE-2015-8705
all versions
buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of
7.0HIGH
CVE-2015-8704
all versions
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial o
6.5MEDIUM
CVE-2015-8461
all versions
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cau
CVE-2015-8000
all versions
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (RE
CVE-2015-5986
<= 9.9.7
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial o
CVE-2015-5722
<= 9.9.7
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service
CVE-2015-5477
<= 9.9.7
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE as
CVE-2015-4620
all versions
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolv
CVE-2015-1349
all versions
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys fea
CVE-2014-8680
all versions
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure
CVE-2014-8500
all versions
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remo
CVE-2014-3859
all versions
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of serv
CVE-2014-3214
all versions
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause
CVE-2014-0591
all versions
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and
CVE-2013-6230
all versions
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1,
CVE-2013-4854
all versions
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, a
CVE-2013-3919
all versions
resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolve
CVE-2013-2266
all versions
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX
CVE-2012-5689
all versions
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone
CVE-2012-5688
all versions
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of serv
CVE-2012-5166
all versions
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows re
CVE-2012-4244
all versions
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows re
CVE-2012-3868
all versions
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial o
CVE-2012-3817
all versions
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-
CVE-2012-1667
all versions
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not
CVE-2012-1033
all versions
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a
CVE-2011-4313
all versions
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 throug
CVE-2011-2465
all versions
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy
CVE-2011-2464
all versions
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote
CVE-2011-1910
all versions
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before
CVE-2011-1907
all versions
ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a
CVE-2011-0414
all versions
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service
CVE-2010-3615
all versions
named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make
CVE-2010-3614
all versions
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not pr
CVE-2010-3613
all versions
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combina
CVE-2010-3762
<= 9.7.2
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anc
CVE-2010-0218
all versions
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cach
CVE-2010-0213
all versions
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookasi
CVE-2010-0382
all versions
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwi
CVE-2010-0290
all versions
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.
CVE-2010-0097
all versions
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly vali
CVE-2009-4022
all versions
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7
CVE-2009-0696
all versions
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, w
CVE-2009-0265
<= 9.6.0
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal
7.5HIGH
CVE-2009-0025
all versions
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which
CVE-2008-4163
all versions
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a deni
CVE-2008-1447
all versions
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP
6.8MEDIUM
CVE-2008-0122
<= 9.4.2
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0
CVE-2007-2930
<= 8.4.7
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query ident
CVE-2007-2926
all versions
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver question
CVE-2007-2925
all versions
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and al
CVE-2007-2241
all versions
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote atta
CVE-2007-0494
all versions
ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (
CVE-2007-0493
all versions
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (B
CVE-2006-4096
all versions
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursi
CVE-2006-4095
<= 9.2.6
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG querie
7.5HIGH
CVE-2006-2073
all versions
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broke
CVE-2006-0987
all versions
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and prov
CVE-2006-0527
all versions
BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpur
CVE-2005-0034
all versions
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers t
CVE-2005-0033
all versions
Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of s
CVE-2003-0914
all versions
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that
CVE-2002-2213
all versions
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows rem
CVE-2002-2212
all versions
The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote
CVE-2002-2211
all versions
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisonin
CVE-2002-1221
all versions
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times,
CVE-2002-1220
all versions
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request
CVE-2002-1219
all versions
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execu
CVE-2002-0029
all versions
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc a
CVE-2002-0684
all versions
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to
CVE-2002-0651
all versions
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS s
CVE-2002-0400
all versions
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers a
CVE-2001-0497
<= 8.2.4
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared s
7.8HIGH
CVE-2001-0013
all versions
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVE-2001-0012
all versions
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVE-2001-0011
all versions
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVE-2001-0010
all versions
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
CVE-2000-0888
all versions
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, ak
CVE-2000-0887
all versions
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR
CVE-2000-1029
all versions
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
CVE-2000-0335
all versions
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-1999-0849
all versions
Denial of service in BIND named via maxdname.
CVE-1999-0848
all versions
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
CVE-1999-0837
all versions
Denial of service in BIND by improperly closing TCP sessions via so_linger.
CVE-1999-0833
all versions
Buffer overflow in BIND 8.2 via NXT records.
CVE-1999-1499
all versions
named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the pr
CVE-1999-0011
all versions
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
5.4MEDIUM
CVE-1999-0010
all versions
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
CVE-1999-0009
all versions
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-1999-0024
all versions
DNS cache poisoning via BIND, by predictable query IDs.
CVE-1999-0184
all versions
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin