Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Bind vulnerabilities (USN-6390-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6390-1 advisory. It was discovered that Bind incorrectly handled certain control channel messages. A remote attacker with access to the control channe...

CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...

ISC BIND Security Vulnerability

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in BIND version 9, which stems from an unexpected termination due to an assertion failure...

ISC BIND 9.2.0 < 9.16.44 / 9.9.3-S1 < 9.16.44-S1 / 9.18.0 < 9.18.19 / 9.18.0-S1 < 9.18.19-S1 / 9.19.0 < 9.19.17 Vulnerability (cve-2023-3341)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-3341 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing...

ISC BIND 9.18.0 < 9.18.19 / 9.18.11-S1 < 9.18.19-S1 Assertion Failure (cve-2023-4236)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-4236 advisory. - A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion...

UBUNTU-CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory,...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2854)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ISC BIND DoS Vulnerability (CVE-2023-4236) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

ISC BIND DoS Vulnerability (CVE-2023-3341) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

ISC BIND DoS Vulnerability (CVE-2023-3341) - Windows

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

ISC BIND DoS Vulnerability (CVE-2023-4236) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2837)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

UBUNTU-CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18...

UBUNTU-CVE-2023-35683

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Security Bulletin: Vulnerability in BIND affects IBM Integrated Analytics System (Sailfish)[CVE-2023-2828]

Summary The BIND package is used by IBM Integrated Analytics System. The IBM Integrated Analytics System had addressed the applicable CVE CVE-2023-2828. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the named's...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2802)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2778)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-5379 · Isc +4 · Bind 9 +4

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.18.0 through 9.18.18 BIND 9 versions 9.18.11-S1 through 9.18.18-S1 Description: A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens...

ROS-20230907-03

The vulnerability in the BIND DNS server is related to a stack buffer overflow when BIND is acting as a "resolver" when the number of recursive queries has reached an acceptable maximum and the server settings have been configured. "resolver", when the number of recursive queries has reached an...

Security Bulletin: AIX is vulnerable to denial of service due to ISC BIND (CVE-2023-2828)

Summary A vulnerability in ISC BIND could allow a remote attacker to cause a denial of service CVE-2023-2828. AIX uses ISC BIND as part of its DNS functions. Vulnerability Details CVEID:CVE-2023-2828 DESCRIPTION: ISC BIND is vulnerable to a denial of service, caused by a flaw that allows the...