bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

The vulnerability of the BIND DNS server component, which allows a perpetrator to cause a service failure.

The vulnerability of the BIND DNS server component is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

RHEL 9 : bind and bind-dyndb-ldap security updates (Important) (RHSA-2024:1803)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1803 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

RHEL 9 : bind and bind-dyndb-ldap security updates (Important) (RHSA-2024:1800)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1800 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

bind9: Parsing large DNS messages may cause excessive CPU load

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...

Important: Red Hat Security Advisory: bind and dhcp security update

An update for bind and dhcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

Oracle Linux 9 : bind (ELSA-2024-1789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1789 advisory. - Add downstream change complementing CVE-2023-50387 - Prevent increased CPU load on large DNS messages CVE-2023-4408 - Prevent assertion failure when...

Oracle Linux 8 : bind / and / dhcp (ELSA-2024-1782)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1782 advisory. - Speed up parsing of DNS messages with many different names CVE-2023-4408 - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387...

AlmaLinux 9 : bind (ALSA-2024:1789)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1789 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

AlmaLinux 8 : bind and dhcp (ALSA-2024:1782)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1782 advisory. - The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS...

ALSA-2024:1782 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled

A flaw was found in the bind package which may result in a Denial of Service in named process. This is a result of a reachable assertion, leading named to prematurely terminate when both conditions are met: nxdomain-redirect for the queried domain is configured and the resolver receives a PTR...

bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution

A flaw was found in the bind package. This issue may allow an attacker to query in a DNS64 enabled resolver node with a domain name triggering a server-stale data, triggering a code assertion, and resulting in a crash of named processes. This can allow a remote unauthenticated user to cause a...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

bind9: Specific recursive query patterns may lead to an out-of-memory condition

A flaw was found in the named application, part of the bind9 package, which uses a cache database to speeds up DNS queries. To maintain its efficiency when running as a recursive name resolver, named performs a cache database clean up under certain conditions. This issue may allow an attacker to...

bind9: Parsing large DNS messages may cause excessive CPU load

A flaw was found in the bind package. This issue may allow a remote attacker with no specific privileges to craft a specially long DNS message leading to an excessive and uncontrolled CPU usage, the server being unavailable, and a Denial of Service...