168 matches found
USN-6633-1 bind9 vulnerabilities
Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. CVE-2023-4408 Elias Heftrig, Haya Schulmann,...
UBUNTU-CVE-2023-50868
The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...
K000135252: BIND vulnerability CVE-2023-2829
Security Advisory Description A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9...
SUSE CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
CVE-2023-2829
A vulnerability was found in BIND. This security flaw occurs when a named instance is configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled; remote termination can occur using a zone with a malformed...
CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
AZL-27305 CVE-2023-2829 affecting package bind for versions less than 9.16.44-1
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
Design/Logic Flaw
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
CVE-2023-2829 Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
CVE-2023-2829 Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
CVE-2023-2829
CVE-2023-2829 affects BIND 9: named may terminate when synth-from-dnssec is enabled and a zone contains a malformed NSEC record. Affected versions are BIND 9.16.8-S1–9.16.41-S1 and 9.18.11-S1–9.18.15-S1. The issue is caused by parsing/processing of DNSSEC-cache data (NSEC) and can be triggered re...
CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
ISC BIND 9.16.8-S1 < 9.16.42-S1 / 9.18.11-S1 < 9.18.16-S1 Vulnerability (cve-2023-2829)
The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2023-2829 advisory. - A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated...
PT-2023-21641 · Isc +1 · Bind 9 +1
Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.16.8-S1 through 9.16.41-S1 BIND 9 versions 9.18.11-S1 through 9.18.15-S1 Description: A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198...
CVE-2023-0853
Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF74...
Buffer overflow
Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF74...
CVE-2023-0853
Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. :Satera LBP660C Series/LBP620C Series/MF74...
CVE-2023-0853
CVE-2023-0853 affects Canon imageCLASS/LBP/ MF series printers. A stack-based buffer overflow in the mDNS NSEC record registering process can allow network-adjacent attackers to trigger a crash or arbitrary code execution. Canon firmware versions prior to 11.05 (11.04 and earlier) on Canon LBP660...
K16576941: ISC BIND vulnerability CVE-2018-5737
Security Advisory Description A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching...
SUSE CVE-2014-0591
The queryfindclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service INSIST assertion failure and daemon exit via a crafted DNS query to an authoritativ...