K11742512: BIND vulnerability CVE-2022-2795

Security Advisory Description By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. CVE-2022-2795 Impact A flaw in resolver code can cause name...

K27155546: BIND vulnerability CVE-2022-38177

Security Advisory Description By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. CVE-2022-38177 Impact There i...

K01369521: bind vulnerability CVE-2022-0667

Security Advisory Description When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 CVE-2022-0667 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for...

K97810133: BIND vulnerability CVE-2020-8616

Security Advisory Description A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an...

K14204: BIND vulnerability CVE-2011-4313

Security Advisory Description ISC reports that query.c in BIND may allow remote attackers to cause a denial-of-service assertion failure and named exit. The vulnerability uses unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Th...

K25244852: BIND vulnerability CVE-2018-5745

Security Advisory Description "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses...

K01713115: BIND vulnerability CVE-2019-6465

Security Advisory Description Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview...

K18829561: BIND vulnerability CVE-2016-2776

Security Advisory Description Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a...

K75501540: BIND vulnerability CVE-2018-5738

Security Advisory Description Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has...

K13591074: BIND vulnerability CVE-2020-8625

Security Advisory Description BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setti...

K19807532: BIND vulnerability CVE-2020-8619

Security Advisory Description The asterisk character "" is allowed in DNS zone files, where it is most commonly present as a wildcard at a terminal node of the Domain Name System graph. However, the RFCs do not require and BIND does not enforce that an asterisk character be present only at a...

K08613310: BIND vulnerability CVE-2017-3145

Security Advisory Description BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. CVE-2017-3145 Impact BIG-IP A remote attacker can use this flaw to make...

K86272821: BIND vulnerability CVE-2016-9131

Security Advisory Description named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via a malformed response to an RTYPE ANY query. CVE-2016-9131 Impact When the BIND...

K74009656: BIND vulnerability CVE-2018-5743

Security Advisory Description By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was...

K10092301: BIND vulnerability CVE-2019-6471

Security Advisory Description A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 - 9.11.7, 9.12.0 - 9.12.4-P1, 9.14.0 - 9.14.2. Also all releases of the BIND 9.13 developmen...

K04713734: BIND vulnerability CVE-2018-5741

Security Advisory Description To provide fine-grained controls over the ability to use Dynamic DNS DDNS to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the ke...

K51740320: BIND vulnerability CVE-2019-6468

Security Advisory Description In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet ECS features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion...

K29538335: BIND vulnerability CVE-2019-6467

Security Advisory Description A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in...

K62210928: BIND vulnerability CVE-2020-8618

Security Advisory Description An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. CVE-2020-8618 Impact There is no impact; F5 products are not...

K02663161: BIND vulnerability CVE-2020-8622

Security Advisory Description In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a...