CVE-2023-5679

A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through...

CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

ISC BIND Security Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND that stems from a problem in the query processing code that could lead to an assertion failure...

CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...

PT-2024-14985 · Isc +9 · Bind 9 +9

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.16.0 through 9.16.45 BIND 9 versions 9.16.8-S1 through 9.16.45-S1 Description: The issue affects the named process running as a recursive resolver, which attempts to clean up its cache database using several methods, includi...

ISC BIND Security Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND that stems from a specific recursive query pattern that may result in out of memory...

PT-2024-1751

Vulnerability Report Name of the Vulnerable Software and Affected Versions BIND versions 9.16.48-1 through 9.18.24-1 Unbound versions 1.19.1-alt1 PDNS Recursor versions 4.8.6-1 Knot Resolver versions 5.6.0-1+deb12u1 systemd affected versions not specified dnsmasq affected versions not specified...

ISC BIND 9.16.12 < 9.16.48 / 9.16.12-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Assertion Failure (cve-2023-5679)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-5679 advisory. - A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive...

Slackware Linux 15.0 / current bind Multiple Vulnerabilities (SSA:2024-044-01)

The version of bind installed on the remote host is prior to 9.16.48 / 9.18.24. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-044-01 advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported...

UBUNTU-CVE-2023-5679

A bad interaction between DNS64 and serve-stale may cause named to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through...

UBUNTU-CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

ISC BIND 9.11.3-S1 < 9.16.48-S1 / 9.16.8-S1 < 9.16.48-S1 / 9.18.11-S1 < 9.18.24-S1 Vulnerability (cve-2023-5680)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-5680 advisory. - If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache...

ISC BIND 9.0.0 < 9.16.48 / 9.9.3-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Vulnerability (cve-2023-50387)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-50387 advisory. - Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause...

ISC BIND 9.16.0 < 9.16.48 / 9.16.8-S1 < 9.16.48-S1 Vulnerability (cve-2023-6516)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-6516 advisory. - To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database...

ISC BIND 9.12.0 < 9.16.48 / 9.16.8-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Assertion Failure (cve-2023-5517)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-5517 advisory. - A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is...

ISC BIND 9.9.3-S1 < 9.16.48-S1 / 9.0.0 < 9.16.48 / 9.16.8-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Vulnerability (cve-2023-4408)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-4408 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause...

Ubuntu 22.04 LTS / 23.10 : Bind vulnerabilities (USN-6633-1)

The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6633-1 advisory. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote...

ISC BIND 9.0.0 < 9.16.48 / 9.9.3-S1 < 9.16.48-S1 / 9.18.0 < 9.18.24 / 9.18.11-S1 < 9.18.24-S1 / 9.19.0 < 9.19.21 Vulnerability (cve-2023-50868)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-50868 advisory. - The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attacker...

UBUNTU-CVE-2023-4408

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects bot...

UBUNTU-CVE-2023-6516

To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...