ALPINE-CVE-2025-40776

A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

ROS-20250716-01

DNS BIND server vulnerability is related to asymmetric resource consumption. Exploiting the vulnerability Allows a remote attacker to cause a denial of service...

ROS-20250710-01

Vulnerability in the DoH implementation of the DNS BIND server is related to the allocation of unlimited memory. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

The vulnerability of the DNS BIND server implementation of DoH, related to the allocation of unlimited memory, allows a attacker to cause a service failure.

The vulnerability of the DNS BIND server implementation related to the allocation of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

Advisory ROSA-SA-2025-2866

Software: bind 9.11.4 OS: rosa-server79 packageevrstring: bind-9.11.4-26.0.2.P2.res7.16 CVE-ID: CVE-2024-11187 BDU-ID: 2025-01459 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the DNS BIND server is related to asymmetric resource consumption. Exploitation of the vulnerability allows an attacker...

AZL-61972 CVE-2025-40775 affecting package bind for versions less than 9.20.9-1

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

Linux Distros Unpatched Vulnerability : CVE-2018-5745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

bind: bind9: Many records in the additional section cause CPU exhaustion

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

The vulnerability of the DNS BIND server, related to asymmetric resource consumption, allows attackers to cause service failures.

The vulnerability of the DNS BIND server is related to asymmetric resource consumption. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...

ALPINE-CVE-2024-11187

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...

bind9: bind: SIG(0) can be used to exhaust CPU resources

A flaw was found in the bind9 package, where if a DNS server hosts a zone containing a "KEY" resource record or a DNS resolver utilizes the DNSSEC validate feature to validate a "KEY" resource record, a malicious client could exhaust the CPU resourced from the resolver by sending a stream of SIG0...

bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content

A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server...

bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content

A flaw was found in the bind9 package, where a client query triggers stale data and also requires local lookups may trigger a assertion failure. This issue results in a denial of service of the bind server...

bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam

A flaw was found in the bind9 package, where a hostname with significant resource records may slow down bind's resolver cache and authoritative zone databases while these records are being added or updated. In addition, client queries for the related hostname may cause the same issue. This...

The vulnerability of the BIND DNS server, related to the unlimited distribution of resources, allows attackers to cause service failures.

The vulnerability of the BIND DNS server is related to the unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to cause service failures when there are a large number of resource records for the same domain name...

ALPINE-CVE-2024-1975

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...

ISC BIND 安全漏洞

ISC BIND is an ISC open source suite of open source software that implements the DNS protocol. A security vulnerability exists in ISC BIND 9, which stems from an assertion failure when both stale cached data and authoritative zone content are provided...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...