Lucene search
K

184 matches found

CVE
CVE
added 2013/07/26 11:0 p.m.466 views

CVE-2013-4854

CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....

7.8CVSS5.6AI score0.3415EPSS
CVE
CVE
added 2012/10/10 9:0 p.m.461 views

CVE-2012-5166

Summary (CVE-2012-5166) The BIND DNS server (named) is vulnerable to a remote DoS when specific combinations of RDATA are loaded in a query target, causing the server to lock up or crash. In affected environments using BIG-IP/F5 implementations, multiple product lines list vulnerable BIND compone...

7.8CVSS8.2AI score0.34196EPSS
CVE
CVE
added 2024/02/13 2:4 p.m.457 views

CVE-2023-5517

CVE-2023-5517 is a BIND vulnerability where a flaw in query-handling can cause named to exit with an assertion failure when nxdomain-redirect is configured and a PTR query for an RFC 1918 address would yield NXDOMAIN. Affected: BIND 9.x (various 9.12.0–9.19.19 and related 9.16/9.18 ranges; versio...

7.5CVSS7.5AI score0.01231EPSS
CVE
CVE
added 2016/03/09 11:0 p.m.454 views

CVE-2016-1285

CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...

6.8CVSS7.2AI score0.59143EPSS
CVE
CVE
added 2016/07/06 2:0 p.m.441 views

CVE-2016-6170

CVE-2016-6170 affects ISC BIND up to 9.11.0b1 (and related 9.9.9-P1, 9.10.x, etc.). The provided records describe a denial-of-service risk: a primary DNS server can crash a secondary server via a large AXFR, IXFR responses, and an authenticated UPDATE could crash the primary. Documented affected ...

6.5CVSS6.2AI score0.40536EPSS
CVE
CVE
added 2012/09/14 12:0 a.m.438 views

CVE-2012-4244

CVE-2012-4244 affects BIND 9.x with RDATA values exceeding 65535 bytes, enabling remote DoS via assertion failure in the named daemon. Connected advisories confirm a broad impact across multiple distributions and products (FreeBSD SA-12:06.bind; CentOS/RHEL updates; Fedora package updates; F5 adv...

7.8CVSS6.2AI score0.36798EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.436 views

CVE-1999-0024

CVE-1999-0024 describes a DNS cache-poisoning flaw in BIND caused by predictable DNS query IDs. The connected sources consistently state DNS cache poisoning via BIND, with related discussions in Red Hat/Security advisories and CERT context. The materials do not provide a concrete patch version or...

5CVSS6.7AI score0.04935EPSS
CVE
CVE
added 2010/12/03 8:0 p.m.432 views

CVE-2010-3615

The CVE-2010-3615 vulnerability affects ISC BIND (DNS server) in the 9.7.2-P2 release where not all intended locations for allow-query ACLs are checked, enabling remote attackers to query private DNS records via standard DNS queries. Public advisories document this issue and reference fixes in ne...

5CVSS9.1AI score0.09728EPSS
In wild
CVE
CVE
added 2020/08/21 8:50 p.m.431 views

CVE-2020-8624

CVE-2020-8624 affects BIND's update-policy rules of type "subdomain". The flaw allows an attacker with limited zone-content privileges to modify other zone contents. Reports across distros indicate the vulnerability impacts various BIND 9.x releases; confirmed fixes include patched BIND versions ...

4.3CVSS6.1AI score0.0364EPSS
CVE
CVE
added 2012/07/25 10:0 a.m.416 views

CVE-2012-3817

CVE-2012-3817 affects BIND when DNSSEC validation is enabled. Under high query load, BIND could use data from the failing-query cache before it is fully initialized, causing an assertion failure and resulting in a denial of service (remote crash of named). Affected ranges include various 9.4.x–9....

7.8CVSS8.1AI score0.27383EPSS
CVE
CVE
added 2019/11/26 4:11 p.m.410 views

CVE-2019-6477

CVE-2019-6477 affects BIND (DNS server). It allows TCP-pipelined queries to bypass per-connection tcp-client limits, potentially causing denial of service by exhausting server resources and making the service unresponsive. Affected distributions reference patched releases: Debian DSA-4689-1 notes...

7.5CVSS7.6AI score0.04022EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.399 views

CVE-2019-6471

CVE-2019-6471 is a race-condition vulnerability in ISC BIND where discarding malformed packets can trigger a REQUIRE assertion failure in dispatch.c, causing named to exit and produce a DoS. Affected versions include BIND 9.11.0–9.11.7, 9.12.0–9.12.4-P1, 9.14.0–9.14.2, all 9.13 development releas...

5.9CVSS5.8AI score0.03271EPSS
CVE
CVE
added 2015/02/19 2:0 a.m.398 views

CVE-2015-1349

CVE-2015-1349 affects ISC BIND 9.7.0–9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2 when DNSSEC validation and managed-keys are enabled. A remote attacker can cause named to crash via an incorrect trust-anchor management scenario with no key ready for use, resulting in DoS. Public disclosures ...

5.4CVSS8.2AI score0.22168EPSS
In wild
CVE
CVE
added 2014/01/14 2:0 a.m.374 views

CVE-2014-0591

CVE-2014-0591 affects ISC BIND 9.6, 9.7, 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2 (and 9.6-ESV before 9.6-ESV-R10-P2) where the query_findclosestnsec3 function in query.c can be triggered by crafted DNS queries to an authoritative server using NSEC3 signing. The result is a denial of service m...

2.6CVSS5.8AI score0.31671EPSS
CVE
CVE
added 2020/08/21 8:50 p.m.358 views

CVE-2020-8620

CVE-2020-8620 affects BIND 9.15.6–9.16.5 and 9.17.0–9.17.3, where libuv-based TCP handling allows an attacker to send data to trigger an assertion failure and crash the server. The vulnerability stems from an incorrectly specified maximum buffer size that can be exploited by a specially crafted l...

7.5CVSS7.3AI score0.03663EPSS
CVE
CVE
added 2022/03/23 10:45 a.m.342 views

CVE-2022-0396

CVE-2022-0396 affects BIND’s TCP stream handling in 9.16.11–9.16.26 (and 9.17.0–9.18.0 for DP/G‑ed editions). The flaw allows specially crafted TCP streams to keep connections in CLOSE_WAIT indefinitely, enabling denial of service on affected servers. Connected advisories indicate fixes in newer ...

5.3CVSS5.9AI score0.02617EPSS
CVE
CVE
added 2024/02/13 2:5 p.m.342 views

CVE-2023-5680

CVE-2023-5680 concerns ISC BIND 9 where, when a resolver cache stores a very large number of ECS records for the same name, cleaning the cache database node for that name can cause the query path to suffer significantly in performance. Affected versions include 9.11.3-S1 through 9.11.37-S1, 9.16....

5.3CVSS5AI score0.00624EPSS
CVE
CVE
added 2008/07/08 11:0 p.m.338 views

CVE-2008-1447

CVE-2008-1447 describes a DNS cache poisoning vulnerability known as the Kaminsky bug, arising from weak randomness in DNS transaction IDs and source ports. It affected BIND 8/9 (many versions) and Microsoft DNS on Windows platforms, enabling remote attackers to spoof DNS responses to recursive r...

6.8CVSS6.6AI score0.95182EPSS
CVE
CVE
added 2016/01/20 3:0 p.m.331 views

CVE-2015-8704

CVE-2015-8704 affects ISC BIND 9.x; the vulnerability is in apl_42.c where malformed Address Prefix List (APL) data can trigger an INSIST assertion failure, causing the named process to terminate and a potential DoS. Affected: BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3. Exploita...

6.8CVSS6.4AI score0.20172EPSS
CVE
CVE
added 2015/09/05 1:0 a.m.322 views

CVE-2015-5722

CVE-2015-5722 affects ISC BIND: a DoS via parsing a malformed DNSSEC key triggers an assertion failure in buffer.c, causing the validating resolver to exit. A remote attacker can exploit this with a crafted DNS query for a zone containing a malformed key. The vulnerability exists in BIND 9.x befo...

7.8CVSS7.1AI score0.33652EPSS
CVE
CVE
added 2016/10/21 10:0 a.m.315 views

CVE-2016-2848

ISC BIND vulnerability CVE-2016-2848 affects BIND 9.1.0–9.8.4-P2 and 9.9.0–9.9.2-P2, allowing remote attackers to cause a denial of service (assertion failure and daemon exit) by sending malformed options data in an OPT resource record. Exploitation is via specially crafted DNS packets; impact is...

7.5CVSS7.2AI score0.25772EPSS
CVE
CVE
added 2015/07/29 2:0 p.m.305 views

CVE-2015-5477

CVE-2015-5477 affects ISC BIND 9.x prior to 9.9.7-P2 and 9.10.x prior to 9.10.2-P3. Root cause: improper handling of TKEY DNS resource records causes an assertion failure, forcing the named daemon to exit and potentially crash. Impact: remote denial of service via crafted TKEY queries. Remediatio...

7.8CVSS7.2AI score0.91284EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.303 views

CVE-2010-0382

CVE-2010-0382 affects ISC BIND 9.0.x–9.3.x and several newer 9.4/9.5/9.6/9.7 builds with DNSSEC validation enabled. The issue arises from a regression during the fix for CVE-2009-4022 and allows a remote attacker to influence a response via out-of-bailiwick data without re-fetching from the origi...

7.6CVSS7.6AI score0.07235EPSS
CVE
CVE
added 2009/07/29 5:0 p.m.300 views

CVE-2009-0696

CVE-2009-0696 affects ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1. When a BIND master server processes a crafted dynamic update message containing an ANY prerequisite, an attacker can trigger an assertion failure that causes named to exit, i.e., a denial-of-service ...

4.3CVSS5.8AI score0.12649EPSS
CVE
CVE
added 2013/03/28 4:0 p.m.298 views

CVE-2013-2266

CVE-2013-2266 affects ISC BIND’s libdns, allowing remote attackers to trigger a denial of service by sending a crafted regular expression that drives memory usage. Affected are BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2. Several ven...

7.8CVSS8AI score0.42851EPSS
CVE
CVE
added 2009/11/25 4:0 p.m.293 views

CVE-2009-4022

CVE-2009-4022 affects ISC BIND 9.0.x–9.3.x, and 9.4.x prior to 9.4.3-P4, 9.5 prior to 9.5.2-P1, 9.6 prior to 9.6.1-P2, and 9.7 beta prior to 9.7.0b3, when DNSSEC validation is enabled and DO checks are used, allowing remote cache-poisoning via crafted Additional sections in responses to recursive...

2.6CVSS7.7AI score0.07952EPSS
CVE
CVE
added 2013/11/08 2:0 a.m.289 views

CVE-2013-6230

CVE-2013-6230 concerns ISC BIND and Windows Winsock: the WSAIoctl SIO_GET_INTERFACE_LIST path misinterprets the netmask 255.255.255.255, allowing remote bypass of IP address restrictions. Public details show affected BIND lines include 9.6-ESV to 9.9.x series; Windows Server 2008 usage is cited. ...

6.8CVSS6.8AI score0.05706EPSS
CVE
CVE
added 2020/06/17 9:20 p.m.280 views

CVE-2020-8618

CVE-2020-8618 affects BIND. An assertion in rdataset.c can be incorrectly triggered by large zone transfers, allowing a remote attacker to deny service to clients. Public advisories confirm mitigation via upgrading to BIND 9.16.4+ (e.g., Arch Linux ASA-202006-13 lists 9.16.4-1 as the fix; upstrea...

4.9CVSS5.2AI score0.01833EPSS
CVE
CVE
added 2009/01/07 5:0 p.m.274 views

CVE-2009-0025

CVE-2009-0025 describes a flaw in BIND 9.6.0 and earlier where the OpenSSL DSA_verify return value is not properly checked, enabling remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature. F5 advisories reference this as a related vulnerability to CVE-2008-5077 ...

6.8CVSS7.1AI score0.0686EPSS
CVE
CVE
added 2017/01/12 6:6 a.m.266 views

CVE-2016-9444

CVE-2016-9444 affects ISC BIND 9.x; a crafted DS resource record in an answer can cause the named DNS server to crash via an assertion failure, if the BIND recursion option is enabled. The vulnerability is exploited remotely by an unauthenticated attacker and may cause the named process to exit (...

7.5CVSS7.2AI score0.18124EPSS
CVE
CVE
added 2019/10/30 1:43 p.m.265 views

CVE-2018-5742

CVE-2018-5742 describes an assertion failure in BIND9 caused by a backport-related path in buffer.c:420, leading to a crash (denial of service). Affected are Red Hat family packages: bind-9.9.4-65.el7 through 9.9.4-72.el7, with no ISC releases affected; other distributions that replicated the err...

7.5CVSS6.3AI score0.01575EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.260 views

CVE-2018-5744

CVE-2018-5744 is a memory freeze/DoS in BIND caused by a failure to free memory when processing EDNS option combinations. Affected are BIND 9.10.7–9.10.8-P1, 9.11.3–9.11.5-P1, 9.12.0–9.12.3-P1, 9.10.7-S1–9.11.5-S3 (SPE), and 9.13.0–9.13.6 in the development line. Public advisories (e.g., Arch Lin...

7.5CVSS7.4AI score0.03353EPSS
CVE
CVE
added 2008/09/22 5:0 p.m.259 views

CVE-2008-4163

CVE-2008-4163 affects ISC BIND 9 for Windows: 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1. Described as an unspecified vulnerability that allows remote attackers to cause a denial of service by terminating the UDP client handler, via unknown vectors. Multiple connected sources (Red Hat, Ubuntu, Deb...

7.8CVSS6.5AI score0.04651EPSS
CVE
CVE
added 2020/08/21 8:50 p.m.252 views

CVE-2020-8621

CVE-2020-8621 affects BIND when QNAME minimization is enabled together with forward-first forwarding, potentially causing the server to crash. The vulnerable ranges are BIND 9.14.0–9.16.5 and 9.17.0–9.17.3; forward-only configurations are not affected. The issue is due to an assertion failure in ...

7.5CVSS7.3AI score0.02944EPSS
CVE
CVE
added 2010/12/03 8:0 p.m.245 views

CVE-2010-3614

The CVE-2010-3614 issue affects ISC BIND 9.x where DNSKEY algorithm rollover can cause the server to misdetermine the NS RRset security status, potentially triggering DNSSEC validation errors and a denial of service. Public advisories and vendor notes (e.g., Debian DSA-2130-1, CentOS/RH advisorie...

6.4CVSS8.2AI score0.1692EPSS
In wild
CVE
CVE
added 2012/02/08 8:0 p.m.243 views

CVE-2012-1033

The CVE-2012-1033 issue affects ISC BIND 9 up to 9.8.1-P1, where the resolver overwrites cached NS records and TTLs during handling of an A query response. This can allow remote attackers to trigger continued resolvability of revoked domain names via a ghost domain names attack. Public Nessus/IDS...

5CVSS8.1AI score0.13538EPSS
CVE
CVE
added 2022/09/21 10:15 a.m.239 views

CVE-2022-3080

CVE-2022-3080 affects ISC BIND: a DoS in named where a resolver can crash after receiving specially crafted queries when stale-cache/stale-answers options are used (zero stale-answer-timeout with a stale CNAME). Public advisories (IBM AIX, ALMAS/AlmaLinux, Cloud Foundry, Debian/Ubuntu notes) desc...

7.5CVSS7.5AI score0.01555EPSS
CVE
CVE
added 2011/05/31 8:0 p.m.235 views

CVE-2011-1910

The CVE-2011-1910 issue is an off-by-one vulnerability in ISC BIND named (affecting 9.x up to 9.7.3-P1, 9.8.x up to 9.8.0-P2, 9.4-ESV up to 9.4-ESV-R4-P1, and 9.6-ESV up to 9.6-ESV-R4-P1). A remote DNS server can cause a denial of service (assertion failure and daemon exit) by sending a negative ...

5CVSS8.1AI score0.24638EPSS
In wild
CVE
CVE
added 2011/11/29 5:0 p.m.224 views

CVE-2011-4313

Description summary: CVE-2011-4313 affects ISC BIND 9.0.x–9.9.0b1 and can cause a remote denial of service (assertion failure and named exit) triggered by certain recursive DNS query handling and the caching of an invalid record. Root cause / impact: the issue is tied to the resolver’s processing...

5CVSS8AI score0.16747EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.221 views

CVE-2010-0097

CVE-2010-0097 affects ISC BIND 9.x where DNSSEC validation of NSEC/NSEC3 records is flawed, enabling remote attackers to add the AD flag to forged NXDOMAIN responses for an existing domain. Public advisories confirm fixes in later BIND releases (upstream: 9.6-ESV-R1 and 9.7.0.dfsg) and point to u...

4.3CVSS7.7AI score0.09363EPSS
CVE
CVE
added 2023/06/21 4:26 p.m.221 views

CVE-2023-2829

CVE-2023-2829 affects BIND 9: named may terminate when synth-from-dnssec is enabled and a zone contains a malformed NSEC record. Affected versions are BIND 9.16.8-S1–9.16.41-S1 and 9.18.11-S1–9.18.15-S1. The issue is caused by parsing/processing of DNSSEC-cache data (NSEC) and can be triggered re...

7.5CVSS7.7AI score0.00868EPSS
CVE
CVE
added 2010/01/22 9:20 p.m.217 views

CVE-2010-0290

CVE-2010-0290 is described in connected F5 advisories as an ISC BIND cache-poisoning vulnerability affecting BIND 9.0.x–9.3.x, 9.4 up to 9.4.3-P5, 9.5 up to 9.5.2-P2, 9.6 up to 9.6.1-P3, and 9.7.0 beta, when DNSSEC validation is enabled and CD checking is disabled. The attack involves receiving a...

4CVSS7.8AI score0.06775EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.212 views

CVE-2017-3135

ISC BIND 9 DNS64 and RPZ combined can crash the server. CVE-2017-3135 causes an assertion failure or NULL pointer dereference when query responses are rewritten with both DNS64 and RPZ enabled, leading to a denial of service. Affected versions include BIND 9.8.8 and 9.9.3–9.9.9 (S1–S7/P5), 9.9.10...

7.5CVSS6.4AI score0.17108EPSS
CVE
CVE
added 2023/09/20 12:32 p.m.211 views

CVE-2023-4236

CVE-2023-4236 affects BIND 9 to include versions 9.18.0–9.18.18 and 9.18.11-S1–9.18.18-S1. The issue is a flaw in the DNS-over-TLS networking code that can cause an assertion failure, leading to an unexpected termination of named under heavy DNS-over-TLS query load. The practical consequence is a...

7.5CVSS7.5AI score0.0215EPSS
CVE
CVE
added 2016/01/20 3:0 p.m.206 views

CVE-2015-8705

ISC BIND 9.10.x is vulnerable to CVE-2015-8705 due to a bug in buffer.c (named) when debug logging is enabled. The issue allows remote attackers to trigger a denial of service by exploiting how OPT data or ECS options are formatted to text, potentially causing a REQUIRE assertion failure and daem...

7CVSS7.1AI score0.07654EPSS
CVE
CVE
added 2022/05/19 9:55 a.m.202 views

CVE-2022-1183

CVE-2022-1183 describes an assertion-failure termination in the named daemon on vulnerable BIND configurations that reference http in listen-on statements. Affected are BIND 9.18.0–9.18.2 and BIND 9.19.0 (development branch); configurations using DoT are unaffected, while DoT/DoH deployments may ...

7.5CVSS7.3AI score0.04531EPSS
CVE
CVE
added 2013/01/25 11:0 a.m.200 views

CVE-2012-5689

The CVE-2012-5689 issue affects ISC BIND 9.8.x–9.9.2-P1 when DNS64 with RPZ is used without an AAAA rewrite rule, allowing remote attackers to cause a DoS via an AAAA query (assertion failure and named exit). Affected configurations point to DNS64 + RPZ Rewriting; mitigation in practice is to ens...

7.1CVSS7.9AI score0.12036EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.195 views

CVE-2018-5738

The CVE-2018-5738 issue in BIND stems from Change #4777, causing a regression where, when recursion is enabled, recursion could be allowed to all clients if no match lists are set for allow-query-cache/allow-query. Affected: BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0→9.12.1-P2, 9.13.0 (development), plu...

7.5CVSS6.2AI score0.1107EPSS
CVE
CVE
added 2023/06/21 4:26 p.m.195 views

CVE-2023-2911

CVE-2023-2911 affects BIND 9 up to fixed versions in various distros. The issue occurs when the recursive-clients quota is reached with stale-answer-client-timeout 0, potentially causing named to loop and terminate due to a stack overflow. Public details list affected ranges (9.16.33–9.16.41, 9.1...

7.5CVSS7.6AI score0.02575EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.194 views

CVE-2018-5734

The CVE-2018-5734 issue concerns ISC BIND where handling a malformed DNS request causes an assertion failure in badcache.c due to selecting SERVFAIL instead of FORMERR. Affected versions are BIND 9.10.5-S1 to 9.10.5-S4 and 9.10.6-S1/S2. The connected documents describe the root cause as an incorr...

7.5CVSS7.3AI score0.06236EPSS
Total number of security vulnerabilities184