25 matches found
GHSA-5PVG-856G-CP85 Netty has Insufficient Bailiwick Validation for NS Records
Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...
Netty has Insufficient Bailiwick Validation for NS Records
Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...
CVE-2026-42960
A flaw was found in Unbound's handling of DNS reply messages, complementing the earlier CVE-2025-11411 fix. Unbound accepts and caches address records from the additional section of DNS replies when they accompany authority section RRSets other than NS such as MX records. A malicious actor who ca...
CVE-2026-42959
A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...
CVE-2026-42960
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...
MiracleLinux 7 : bind-9.11.4-26.P2.16.0.5.el7.AXS7 (AXSA:2025-9780:04)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9780:04 advisory. CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9 CVEs: CVE-2024-11187 It is possible to construct a zone such that...
CLSA-2025-1741624657 bind: Fix of CVE-2024-11187
CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...
CLSA-2025-1741216880 bind: Fix of CVE-2024-11187
CVE-2024-11187: fix Denial of Service via Additional Section Resource Exhaustion in BIND 9...
CLSA-2025-1741126041 bind: Fix of CVE-2024-11187
CVE-2024-11187: fix excessive resource usage by limiting additional section processing and adjusting resolver tests...
Many records in the additional section cause CPU exhaustion
...
bind security update
32:9.16.23-24.0.1.el95.3 - Fix bind: bind9: Many records in the additional section cause CPU exhaustion CVE-2024-11187...
bind security update
32:9.11.36-16.4 - Change patches applying to use -P parameter 32:9.11.36-16.3 - Limit additional section records CPU processing CVE-2024-11187 - Correct ANY queries to not have additional data appended...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
bind: bind9: Many records in the additional section cause CPU exhaustion
A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...
Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...
Security update for bind
This update for bind fixes the following issues: CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section bsc1236596 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively y...