bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

The vulnerability of the BIND DNS server component, which allows a perpetrator to cause a service failure.

The vulnerability of the BIND DNS server component is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

bind9: Specific recursive query patterns may lead to an out-of-memory condition

A flaw was found in the named application, part of the bind9 package, which uses a cache database to speeds up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database clean up under certain conditions. This issue may allow an attacker to...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

The vulnerability of the DNSSEC component of the DNS server BIND implementation allows a attacker to cause service failures.

The vulnerability of DNSSEC implementation in DNS server BIND is related to algorithmic complexity and unlimited resource distribution during the creation of a DNS zone. Exploiting this vulnerability can allow a malicious actor to cause service failures...

AZL-34350 CVE-2023-50387 affecting package bind for versions less than 9.16.48-1

Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...

ALPINE-CVE-2023-5680

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...

AZL-34353 CVE-2023-4408 affecting package bind for versions less than 9.16.48-1

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

bind: flooding with UPDATE requests may lead to DoS

A flaw was found in Bind, where sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This issue may cause named to slow down due to a lack of free memory, resulting in a denial of service DoS...

The vulnerability of the DNS BIND server, related to insufficient validation of input data, allows attackers to cause service failures.

The vulnerability of the DNS BIND server is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to cause service failures...

The vulnerability of the DNS BIND server, related to the lack of use of the assert() function, allows a hacker to trigger a service failure.

The vulnerability of the DNS BIND server is related to the lack of use of the assert function. Exploiting this vulnerability allows a remote attacker to cause service failures...

Denial Of Service (DoS)

bind is vulnerable to Denial of Service DoS. An attacker could exploit this vulnerability by sending a malicious DNS packet to a vulnerable named server. Once the vulnerability is exploited, the attacker could take control of the server and steal data, install malware, or disrupt service...

The vulnerability of the DNS-server BIND daemon, which allows a hacker to cause a service failure.

The vulnerability of the DNS-server BIND daemon is related to the escape of operations beyond the buffer in memory due to uncontrolled recursion during the processing of incoming packets. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted...

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

Atlassian and the Internet Systems Consortium ISC have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service DoS and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new...

UBUNTU-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

bind: named's configured cache size limit can be significantly exceeded

A vulnerability was found in BIND. The effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to exceed significantly...

AZL-27305 CVE-2023-2829 affecting package bind for versions less than 9.16.44-1

A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND 9, which stems from the fact that named instances can be remotely terminated using a zone with a misformatted NSEC record, which can be exploited by an...