Lucene search
+L

147 matches found

f5
f5
added 2023/02/21 6:48 p.m.71 views

K16909: BIND vulnerability CVE-2015-5477

Security Advisory Description An error in the handling of TKEY queries can be exploited by an attacker for use as a denial-of-service vector, as a constructed packet can use the defect to trigger a REQUIRE assertion failure, causing BIND to exit. CVE-2015-5477 Impact A remote attacker may be able...

7.8CVSS7.2AI score0.91284EPSS
Exploits12Affected Software18
susecve
susecve
added 2023/02/15 5:16 a.m.4 views

SUSE CVE-2015-5477

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service REQUIRE assertion failure and daemon exit via TKEY queries...

7.8CVSS6.8AI score0.91284EPSS
Exploits12References13
susecve
susecve
added 2023/02/15 4:1 a.m.5 views

SUSE CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

8.1CVSS7.9AI score0.64161EPSS
Exploits0References25
susecve
susecve
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

8.1CVSS8.6AI score0.82367EPSS
Exploits0References6
bdu_fstec
bdu_fstec
added 2022/10/04 12:0 a.m.10 views

The vulnerability of the implementation of the Diffie-Hellman algorithm in the DNS BIND server allows a attacker to cause a service failure.

The vulnerability of the DNS BIND server’s Diffie-Hellman algorithm implementation is related to improper memory release before deleting last links during TKEY record processing. Exploiting this vulnerability allows an attacker to cause service failures remotely...

7.8CVSS6.5AI score0.01646EPSS
Exploits0References11Affected Software3
openvas
openvas
added 2022/09/23 12:0 a.m.17 views

ISC BIND DoS Vulnerability (CVE-2022-2906) - Linux

ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

7.5CVSS7.5AI score0.01646EPSS
Exploits0References1
redhatcve
redhatcve
added 2022/09/21 12:49 p.m.28 views

CVE-2022-2906

A flaw was found in the Bind package, where a flaw in ‘named’ can cause a small memory leak in key processing when using TKEY records in Diffie-Hellman mode with OpenSSL 3.0.0 and later versions. This flaw allows an attacker to gradually erode available memory to the point where ‘named’ crashes d...

7.5CVSS4.1AI score0.01646EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2022/09/21 10:15 a.m.6 views

CVE-2022-2906 Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service...

7.5CVSS7.4AI score0.01646EPSS
Exploits0References3
oraclelinux
oraclelinux
added 2021/11/16 12:0 a.m.41 views

bind security and bug fix update

32:9.11.26-6 - Use random entropy to generate unique TKEY identifiers 1980916 32:9.11.26-5 - Fix possible assertion failure iscrefcountcurrent == 0 in freerbtdb 1953056...

6.5CVSS7.4AI score0.0594EPSS
Exploits0
openvas
openvas
added 2021/06/09 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2015:1316-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.5AI score0.91284EPSS
Exploits12References4
zdi
zdi
added 2021/06/07 12:0 a.m.101 views

ISC BIND TKEY Query Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of...

8.1CVSS3.2AI score0.82367EPSS
Exploits0References1
zdi
zdi
added 2021/04/30 12:0 a.m.31 views

ISC BIND TKEY Query Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of...

3.7CVSS0.9AI score
Exploits0
osv
osv
added 2021/04/29 1:15 a.m.4 views

DEBIAN-CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

9.8CVSS8.5AI score0.82367EPSS
Exploits0References1
osv
osv
added 2021/03/05 11:2 a.m.3 views

OESA-2021-1041 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: BIND...

8.1CVSS7.5AI score0.64161EPSS
Exploits0References2
mageia
mageia
added 2021/03/04 4:53 p.m.41 views

Updated bind packages fix security vulnerability

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, which could result in denial of service daemon crash, or potentially the execution of arbitrary code CVE-2020-8625. The default configuration is not vulnerable to...

8.1CVSS4.3AI score0.64161EPSS
Exploits0References3
zdi
zdi
added 2021/02/24 12:0 a.m.56 views

ISC BIND TKEY Query Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ISC BIND. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of TKEY queries. The issue results from the lack of proper validation of the lengt...

8.1CVSS8.5AI score0.64161EPSS
Exploits0References1
osv
osv
added 2021/02/17 11:15 p.m.2 views

DEBIAN-CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

8.1CVSS7.1AI score0.64161EPSS
Exploits0References1
osv
osv
added 2021/02/17 11:15 p.m.4 views

ALPINE-CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

8.1CVSS7.6AI score0.64161EPSS
Exploits0References1
checkpoint_advisories
checkpoint_advisories
added 2020/12/22 12:0 a.m.10 views

ISC BIND TKEY Queries Assertion Failure (CVE-2015-5477)

A denial of service vulnerability has been reported in ISC BIND DNS servers. The vulnerability is due to the way that the DNS server improperly handles invalid TKEY resource records. A remote attacker may exploit this issue by sending a specially crafted DNS query to a DNS server. Successful...

7.8CVSS1.7AI score0.91284EPSS
Exploits12
githubexploit
githubexploit
added 2020/05/20 12:26 p.m.2413 views

Exploit for Reachable Assertion in Isc Bind

CVE-2020-8617 PoC for CVE-2020-8617 For educational purposes...

7.5CVSS7.7AI score0.93422EPSS
Exploits5
Rows per page
Query Builder