CVE-2026-3591

A flaw was found in BIND, specifically in the named server's handling of DNS queries signed with SIG0. A remote attacker could exploit this use-after-return vulnerability by sending a specially-crafted DNS request. This could cause an Access Control List ACL to improperly match an IP address,...

Vulnerability fixed in BIND 9

ICS has fixed a vulnerability in BIND 9. The vulnerability is located in certain versions of BIND 9, where malformed BRID/HHIT records can lead to the unexpected termination of the named service, which is critical for DNS resolution. This vulnerability allows attackers to crash the service throug...

CVE-2025-13878

Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...

Linux Distros Unpatched Vulnerability : CVE-2025-13878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17,...

EUVD-2022-42509

Malicious code in bioql PyPI...

EUVD-2022-40773

Malicious code in bioql PyPI...

AIX (IJ4442)

The version of AIX installed on the remote host is prior to APAR IJ4442. It is, therefore, affected by a vulnerability as referenced in the IJ4442 advisory. - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth ...

EulerOS 2.0 SP9 : bind (EulerOS-SA-2023-3323)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-3263)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K25244852: BIND vulnerability CVE-2018-5745

Security Advisory Description "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses...

K01713115: BIND vulnerability CVE-2019-6465

Security Advisory Description Controls for zone transfers may not be properly applied to Dynamically Loadable Zones DLZs if the zones are writable Versions affected: BIND 9.9.0 - 9.10.8-P1, 9.11.0 - 9.11.5-P2, 9.12.0 - 9.12.3-P2, and versions 9.9.3-S1 - 9.11.5-S3 of BIND 9 Supported Preview...

SUSE CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

ISC Releases Security Patches for New BIND DNS Software Vulnerabilities

The Internet Systems Consortium ISC has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain BIND 9 Domain Name System DNS software suite that could lead to a denial-of-service DoS condition. "A remote attacker could exploit these vulnerabilities to...

SUSE: Security Advisory (SUSE-SU-2022:3767-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : bind (ELSA-2022-6765)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6765 advisory. - Fix memory leak in ECDSA verify processing CVE-2022-38177 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

Debian DSA-5235-1 : bind9 - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5235 advisory. Several vulnerabilities were discovered in BIND, a DNS server implementation. CVE-2022-2795 Yehuda Afek, Anat Bremler-Barr and Shani Stajnrod discovered that a fl...

Memory corruption

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

bind: TCP Pipelining doesn't limit TCP clients on a single connection

A flaw was found in the way bind limited the number of TCP clients that can be connected at any given time. A remote attacker could use one TCP client to send a large number of DNS requests over a single connection, causing exhaustion of the pool of file descriptors available to named, and...

bind: Limiting simultaneous TCP clients is ineffective

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...