The vulnerability of the DNS BIND server, related to the lack of use of the assert() function, allows a hacker to trigger a service failure.

The vulnerability of the BIND DNS server relates to the processing of the Write Directive DS. BIND waits for this processing to complete, or until the timeout interval expires. As a result, the resumedslookup function is called, but it does not check whether the previous selection has been...

K00032124: BIG-IP last hop kernel module vulnerability CVE-2015-5516

Security Advisory Description The BIG-IP last hop kernel module may leak memory when processing User Datagram Protocol UDP traffic. The memory leak may cause denial-of-service DoS conditions for the BIG-IP system. Impact The following configurations may allow a remote attacker to cause a memory...

SUSE CVE-2006-4096

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service crash via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty...

SUSE CVE-2009-0025

BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSAverify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077...

SUSE CVE-2010-0218

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired RD queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query...

SUSE CVE-2011-0414

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service deadlock and daemon hang by sending a query at the time of 1 an IXFR transfer or 2 a DDNS update...

SUSE CVE-2012-1667

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service daemon crash or data corruption or obta...

SUSE CVE-2015-8461

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via unspecified vectors...

SUSE CVE-2016-9131

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed response to an RTYPE ANY query...

SUSE CVE-2016-9444

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via a crafted DS resource record in an answer...

SUSE CVE-2017-3135

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 - 9.9.9-S7, 9.9.3 - 9.9.9-P5, 9.9.10b1,...

SUSE CVE-2017-3140

If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1...

SUSE CVE-2018-5737

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause...

SUSE CVE-2019-6468

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIN...

SUSE CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows or successfully guesses the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration doe...

SUSE CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

bind: DNS forwarders - cache poisoning vulnerability

A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This issue causes it to obtain and pass on potentially incorrect answers. This flaw allows a remote high...

The vulnerability of the DNS BIND server, related to improper management of internal resources, allows a perpetrator to carry out a DoS attack.

The vulnerability of the DNS BIND server is related to improper management of internal resources within the application when handling large delegations. Exploiting this vulnerability allows a malicious actor to carry out a DoS attack remotely...

bind: memory leak in ECDSA DNSSEC verification code

A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...

The vulnerability of the implementation of the Diffie-Hellman algorithm in the DNS BIND server allows a attacker to cause a service failure.

The vulnerability of the DNS BIND server’s Diffie-Hellman algorithm implementation is related to improper memory release before deleting last links during TKEY record processing. Exploiting this vulnerability allows an attacker to cause service failures remotely...