Astra Linux - уязвимость в bind9

It is possible to create a zone such that certain queries to it will generate responses containing numerous records in the Additional section. An attacker sending multiple such queries can cause either the authoritative server or an independent resolver to use excessive resources to process the...

Astra Linux - уязвимость в bind9

Resolver caches and authoritative zone databases that hold a significant number of Resource Records for the same hostname of any RTYPE may experience degraded performance as content is added or updated, as well as when handling client queries for this name. This issue affects BIND 9 versions 9.11...

Astra Linux - уязвимость в bind9

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...

Astra Linux - уязвимость в unbound, bind9, dnsmasq

Certain aspects of the DNS protocol’s DNSSEC mechanism described in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service attack by manipulating one or more DNSSEC responses. This issue is known as the “KeyTrap” problem. One of the concerns is that, when...

MiracleLinux 9 : bind9.18-9.18.29-5.el9_7.4 (AXSA:2026-454:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-454:01 advisory. bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 Tenable has extracted the preceding description block directly from...

Linux Distros Unpatched Vulnerability : CVE-2026-3591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may b...

Linux Distros Unpatched Vulnerability : CVE-2026-3119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incomin...

PT-2025-43373

Name of the Vulnerable Software and Affected Versions BIND versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. Description Due to a weakness in the...

ISC BIND 9 安全漏洞

ISC BIND 9 is a Domain Name System software from the ISC organization. ISC BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39- S1, and 9.20.9-S1 through 9.20.13-S1, a security...

Linux Distros Unpatched Vulnerability : CVE-2023-6516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including...

USN-7526-1 bind9 vulnerability

It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

ALPINE-CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

PT-2024-14985 · Isc +9 · Bind 9 +9

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.16.0 through 9.16.45 BIND 9 versions 9.16.8-S1 through 9.16.45-S1 Description: The issue affects the named process running as a recursive resolver, which attempts to clean up its cache database using several methods, includi...

USN-4468-1 bind9 vulnerabilities

Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. CVE-2020-8620 Joseph Gullo discovered that Bind incorrectly handled...

USN-4026-1 bind9 vulnerability

It was discovered that Bind incorrectly handled certain malformed packets. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

USN-3683-1 bind9 vulnerability

Andrew Skalski discovered that Bind could incorrectly enable recursion when the "allow-recursion" setting wasn't specified. This issue could improperly permit recursion to all clients, contrary to expectations...

USN-3346-1 bind9 vulnerabilities

Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone update requests. An attacker could use this to improperly perform zone updates. CVE-2017-3143 Clément Berthaux discovered that Bind did not correctly check TSIG authentication for zone transfer requests. An...

USN-2837-1 bind9 vulnerability

It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service...