32 matches found
Astra Linux – Vulnerabilities in unbound, bind9, dnsmasq
Certain aspects of the DNS protocol’s DNSSEC mechanism described in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service attack by manipulating one or more DNSSEC responses. This issue is known as the “KeyTrap” problem. One of the concerns is that, when...
Astra Linux – Vulnerability in bind9
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...
Astra Linux – Vulnerability in bind9
By flooding the target resolver with queries that exploit this flaw, an attacker can significantly impair the resolver’s performance, effectively denying legitimate clients access to the DNS resolution service...
MiracleLinux 9 : bind9.18-9.18.29-5.el9_7.4 (AXSA:2026-454:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-454:01 advisory. bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 Tenable has extracted the preceding description block directly from...
Linux Distros Unpatched Vulnerability : CVE-2026-3119
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incomin...
Linux Distros Unpatched Vulnerability : CVE-2026-3591
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may b...
Vulnerability fixed in BIND 9
ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...
TencentOS Server 4: bind9-next (TSSA-2025:0574)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0574 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Fedora: Security Advisory (FEDORA-2025-66fb3fa6b0)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-44737
Name of the Vulnerable Software and Affected Versions Yandex Disk versions prior to 3.2.45.3275 Description A Search Order Hijacking issue exists in Yandex Disk on MacOS due to an uncontrolled search path element. This allows for exploitation of the system. Recommendations Update Yandex Disk to...
Unspecified Vulnerability in ISC BIND 9
ISC BIND 9 is a domain name system software from the ISC organization. A security vulnerability exists in ISC BIND 9 that stems from a weakness in the pseudo-random number generator, which can be exploited by an attacker to cause prediction of source ports and query IDs...
ISC BIND 9 安全漏洞
ISC BIND 9 is a Domain Name System software from the ISC organization. ISC BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39- S1, and 9.20.9-S1 through 9.20.13-S1, a security...
PT-2025-43373
Name of the Vulnerable Software and Affected Versions BIND versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. Description Due to a weakness in the...
Linux Distros Unpatched Vulnerability : CVE-2023-6516
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including...
USN-7526-1 bind9 vulnerability
It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...
Astra Linux – Vulnerability in bind9
Resolver caches and authoritative zone databases that hold a significant number of Resource Records for the same hostname of any RTYPE may experience degraded performance as content is added or updated, as well as when handling client queries for this name. This issue affects BIND 9 versions 9.11...
Astra Linux – Vulnerability in bind9
It is possible to create a zone such that certain queries to it will generate responses containing numerous records in the Additional section. An attacker sending multiple such queries can cause either the authoritative server or an independent resolver to use excessive resources to process the...
Astra Linux – Vulnerability in bind9
Clients that use DNS-over-HTTPS DoH can exhaust the CPU and/or memory of a DNS resolver by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...