184 matches found
CVE-2013-4854
CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....
CVE-2012-5166
Summary (CVE-2012-5166) The BIND DNS server (named) is vulnerable to a remote DoS when specific combinations of RDATA are loaded in a query target, causing the server to lock up or crash. In affected environments using BIG-IP/F5 implementations, multiple product lines list vulnerable BIND compone...
CVE-2023-5517
CVE-2023-5517 is a BIND vulnerability where a flaw in query-handling can cause named to exit with an assertion failure when nxdomain-redirect is configured and a PTR query for an RFC 1918 address would yield NXDOMAIN. Affected: BIND 9.x (various 9.12.0–9.19.19 and related 9.16/9.18 ranges; versio...
CVE-2016-1285
CVE-2016-1285 affects ISC BIND 9.x (before 9.9.8-P4 and 9.10.x before 9.10.3-P4). The issue arises from improper handling of control-channel input to rndc, causing assertion failure and named daemon exit via a malformed packet. Connected advisories describe related impact for DNAME records (CVE-2...
CVE-2016-6170
CVE-2016-6170 affects ISC BIND up to 9.11.0b1 (and related 9.9.9-P1, 9.10.x, etc.). The provided records describe a denial-of-service risk: a primary DNS server can crash a secondary server via a large AXFR, IXFR responses, and an authenticated UPDATE could crash the primary. Documented affected ...
CVE-2012-4244
CVE-2012-4244 affects BIND 9.x with RDATA values exceeding 65535 bytes, enabling remote DoS via assertion failure in the named daemon. Connected advisories confirm a broad impact across multiple distributions and products (FreeBSD SA-12:06.bind; CentOS/RHEL updates; Fedora package updates; F5 adv...
CVE-1999-0024
CVE-1999-0024 describes a DNS cache-poisoning flaw in BIND caused by predictable DNS query IDs. The connected sources consistently state DNS cache poisoning via BIND, with related discussions in Red Hat/Security advisories and CERT context. The materials do not provide a concrete patch version or...
CVE-2010-3615
The CVE-2010-3615 vulnerability affects ISC BIND (DNS server) in the 9.7.2-P2 release where not all intended locations for allow-query ACLs are checked, enabling remote attackers to query private DNS records via standard DNS queries. Public advisories document this issue and reference fixes in ne...
CVE-2020-8624
CVE-2020-8624 affects BIND's update-policy rules of type "subdomain". The flaw allows an attacker with limited zone-content privileges to modify other zone contents. Reports across distros indicate the vulnerability impacts various BIND 9.x releases; confirmed fixes include patched BIND versions ...
CVE-2012-3817
CVE-2012-3817 affects BIND when DNSSEC validation is enabled. Under high query load, BIND could use data from the failing-query cache before it is fully initialized, causing an assertion failure and resulting in a denial of service (remote crash of named). Affected ranges include various 9.4.x–9....
CVE-2019-6477
CVE-2019-6477 affects BIND (DNS server). It allows TCP-pipelined queries to bypass per-connection tcp-client limits, potentially causing denial of service by exhausting server resources and making the service unresponsive. Affected distributions reference patched releases: Debian DSA-4689-1 notes...
CVE-2019-6471
CVE-2019-6471 is a race-condition vulnerability in ISC BIND where discarding malformed packets can trigger a REQUIRE assertion failure in dispatch.c, causing named to exit and produce a DoS. Affected versions include BIND 9.11.0–9.11.7, 9.12.0–9.12.4-P1, 9.14.0–9.14.2, all 9.13 development releas...
CVE-2015-1349
CVE-2015-1349 affects ISC BIND 9.7.0–9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2 when DNSSEC validation and managed-keys are enabled. A remote attacker can cause named to crash via an incorrect trust-anchor management scenario with no key ready for use, resulting in DoS. Public disclosures ...
CVE-2014-0591
CVE-2014-0591 affects ISC BIND 9.6, 9.7, 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2 (and 9.6-ESV before 9.6-ESV-R10-P2) where the query_findclosestnsec3 function in query.c can be triggered by crafted DNS queries to an authoritative server using NSEC3 signing. The result is a denial of service m...
CVE-2020-8620
CVE-2020-8620 affects BIND 9.15.6–9.16.5 and 9.17.0–9.17.3, where libuv-based TCP handling allows an attacker to send data to trigger an assertion failure and crash the server. The vulnerability stems from an incorrectly specified maximum buffer size that can be exploited by a specially crafted l...
CVE-2022-0396
CVE-2022-0396 affects BIND’s TCP stream handling in 9.16.11–9.16.26 (and 9.17.0–9.18.0 for DP/G‑ed editions). The flaw allows specially crafted TCP streams to keep connections in CLOSE_WAIT indefinitely, enabling denial of service on affected servers. Connected advisories indicate fixes in newer ...
CVE-2023-5680
CVE-2023-5680 concerns ISC BIND 9 where, when a resolver cache stores a very large number of ECS records for the same name, cleaning the cache database node for that name can cause the query path to suffer significantly in performance. Affected versions include 9.11.3-S1 through 9.11.37-S1, 9.16....
CVE-2008-1447
CVE-2008-1447 describes a DNS cache poisoning vulnerability known as the Kaminsky bug, arising from weak randomness in DNS transaction IDs and source ports. It affected BIND 8/9 (many versions) and Microsoft DNS on Windows platforms, enabling remote attackers to spoof DNS responses to recursive r...
CVE-2015-8704
CVE-2015-8704 affects ISC BIND 9.x; the vulnerability is in apl_42.c where malformed Address Prefix List (APL) data can trigger an INSIST assertion failure, causing the named process to terminate and a potential DoS. Affected: BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3. Exploita...
CVE-2015-5722
CVE-2015-5722 affects ISC BIND: a DoS via parsing a malformed DNSSEC key triggers an assertion failure in buffer.c, causing the validating resolver to exit. A remote attacker can exploit this with a crafted DNS query for a zone containing a malformed key. The vulnerability exists in BIND 9.x befo...
CVE-2016-2848
ISC BIND vulnerability CVE-2016-2848 affects BIND 9.1.0–9.8.4-P2 and 9.9.0–9.9.2-P2, allowing remote attackers to cause a denial of service (assertion failure and daemon exit) by sending malformed options data in an OPT resource record. Exploitation is via specially crafted DNS packets; impact is...
CVE-2015-5477
CVE-2015-5477 affects ISC BIND 9.x prior to 9.9.7-P2 and 9.10.x prior to 9.10.2-P3. Root cause: improper handling of TKEY DNS resource records causes an assertion failure, forcing the named daemon to exit and potentially crash. Impact: remote denial of service via crafted TKEY queries. Remediatio...
CVE-2010-0382
CVE-2010-0382 affects ISC BIND 9.0.x–9.3.x and several newer 9.4/9.5/9.6/9.7 builds with DNSSEC validation enabled. The issue arises from a regression during the fix for CVE-2009-4022 and allows a remote attacker to influence a response via out-of-bailiwick data without re-fetching from the origi...
CVE-2009-0696
CVE-2009-0696 affects ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1. When a BIND master server processes a crafted dynamic update message containing an ANY prerequisite, an attacker can trigger an assertion failure that causes named to exit, i.e., a denial-of-service ...
CVE-2013-2266
CVE-2013-2266 affects ISC BIND’s libdns, allowing remote attackers to trigger a denial of service by sending a crafted regular expression that drives memory usage. Affected are BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2. Several ven...
CVE-2009-4022
CVE-2009-4022 affects ISC BIND 9.0.x–9.3.x, and 9.4.x prior to 9.4.3-P4, 9.5 prior to 9.5.2-P1, 9.6 prior to 9.6.1-P2, and 9.7 beta prior to 9.7.0b3, when DNSSEC validation is enabled and DO checks are used, allowing remote cache-poisoning via crafted Additional sections in responses to recursive...
CVE-2013-6230
CVE-2013-6230 concerns ISC BIND and Windows Winsock: the WSAIoctl SIO_GET_INTERFACE_LIST path misinterprets the netmask 255.255.255.255, allowing remote bypass of IP address restrictions. Public details show affected BIND lines include 9.6-ESV to 9.9.x series; Windows Server 2008 usage is cited. ...
CVE-2020-8618
CVE-2020-8618 affects BIND. An assertion in rdataset.c can be incorrectly triggered by large zone transfers, allowing a remote attacker to deny service to clients. Public advisories confirm mitigation via upgrading to BIND 9.16.4+ (e.g., Arch Linux ASA-202006-13 lists 9.16.4-1 as the fix; upstrea...
CVE-2009-0025
CVE-2009-0025 describes a flaw in BIND 9.6.0 and earlier where the OpenSSL DSA_verify return value is not properly checked, enabling remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature. F5 advisories reference this as a related vulnerability to CVE-2008-5077 ...
CVE-2016-9444
CVE-2016-9444 affects ISC BIND 9.x; a crafted DS resource record in an answer can cause the named DNS server to crash via an assertion failure, if the BIND recursion option is enabled. The vulnerability is exploited remotely by an unauthenticated attacker and may cause the named process to exit (...
CVE-2018-5742
CVE-2018-5742 describes an assertion failure in BIND9 caused by a backport-related path in buffer.c:420, leading to a crash (denial of service). Affected are Red Hat family packages: bind-9.9.4-65.el7 through 9.9.4-72.el7, with no ISC releases affected; other distributions that replicated the err...
CVE-2018-5744
CVE-2018-5744 is a memory freeze/DoS in BIND caused by a failure to free memory when processing EDNS option combinations. Affected are BIND 9.10.7–9.10.8-P1, 9.11.3–9.11.5-P1, 9.12.0–9.12.3-P1, 9.10.7-S1–9.11.5-S3 (SPE), and 9.13.0–9.13.6 in the development line. Public advisories (e.g., Arch Lin...
CVE-2008-4163
CVE-2008-4163 affects ISC BIND 9 for Windows: 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1. Described as an unspecified vulnerability that allows remote attackers to cause a denial of service by terminating the UDP client handler, via unknown vectors. Multiple connected sources (Red Hat, Ubuntu, Deb...
CVE-2020-8621
CVE-2020-8621 affects BIND when QNAME minimization is enabled together with forward-first forwarding, potentially causing the server to crash. The vulnerable ranges are BIND 9.14.0–9.16.5 and 9.17.0–9.17.3; forward-only configurations are not affected. The issue is due to an assertion failure in ...
CVE-2010-3614
The CVE-2010-3614 issue affects ISC BIND 9.x where DNSKEY algorithm rollover can cause the server to misdetermine the NS RRset security status, potentially triggering DNSSEC validation errors and a denial of service. Public advisories and vendor notes (e.g., Debian DSA-2130-1, CentOS/RH advisorie...
CVE-2012-1033
The CVE-2012-1033 issue affects ISC BIND 9 up to 9.8.1-P1, where the resolver overwrites cached NS records and TTLs during handling of an A query response. This can allow remote attackers to trigger continued resolvability of revoked domain names via a ghost domain names attack. Public Nessus/IDS...
CVE-2022-3080
CVE-2022-3080 affects ISC BIND: a DoS in named where a resolver can crash after receiving specially crafted queries when stale-cache/stale-answers options are used (zero stale-answer-timeout with a stale CNAME). Public advisories (IBM AIX, ALMAS/AlmaLinux, Cloud Foundry, Debian/Ubuntu notes) desc...
CVE-2011-1910
The CVE-2011-1910 issue is an off-by-one vulnerability in ISC BIND named (affecting 9.x up to 9.7.3-P1, 9.8.x up to 9.8.0-P2, 9.4-ESV up to 9.4-ESV-R4-P1, and 9.6-ESV up to 9.6-ESV-R4-P1). A remote DNS server can cause a denial of service (assertion failure and daemon exit) by sending a negative ...
CVE-2011-4313
Description summary: CVE-2011-4313 affects ISC BIND 9.0.x–9.9.0b1 and can cause a remote denial of service (assertion failure and named exit) triggered by certain recursive DNS query handling and the caching of an invalid record. Root cause / impact: the issue is tied to the resolver’s processing...
CVE-2010-0097
CVE-2010-0097 affects ISC BIND 9.x where DNSSEC validation of NSEC/NSEC3 records is flawed, enabling remote attackers to add the AD flag to forged NXDOMAIN responses for an existing domain. Public advisories confirm fixes in later BIND releases (upstream: 9.6-ESV-R1 and 9.7.0.dfsg) and point to u...
CVE-2023-2829
CVE-2023-2829 affects BIND 9: named may terminate when synth-from-dnssec is enabled and a zone contains a malformed NSEC record. Affected versions are BIND 9.16.8-S1–9.16.41-S1 and 9.18.11-S1–9.18.15-S1. The issue is caused by parsing/processing of DNSSEC-cache data (NSEC) and can be triggered re...
CVE-2010-0290
CVE-2010-0290 is described in connected F5 advisories as an ISC BIND cache-poisoning vulnerability affecting BIND 9.0.x–9.3.x, 9.4 up to 9.4.3-P5, 9.5 up to 9.5.2-P2, 9.6 up to 9.6.1-P3, and 9.7.0 beta, when DNSSEC validation is enabled and CD checking is disabled. The attack involves receiving a...
CVE-2017-3135
ISC BIND 9 DNS64 and RPZ combined can crash the server. CVE-2017-3135 causes an assertion failure or NULL pointer dereference when query responses are rewritten with both DNS64 and RPZ enabled, leading to a denial of service. Affected versions include BIND 9.8.8 and 9.9.3–9.9.9 (S1–S7/P5), 9.9.10...
CVE-2023-4236
CVE-2023-4236 affects BIND 9 to include versions 9.18.0–9.18.18 and 9.18.11-S1–9.18.18-S1. The issue is a flaw in the DNS-over-TLS networking code that can cause an assertion failure, leading to an unexpected termination of named under heavy DNS-over-TLS query load. The practical consequence is a...
CVE-2015-8705
ISC BIND 9.10.x is vulnerable to CVE-2015-8705 due to a bug in buffer.c (named) when debug logging is enabled. The issue allows remote attackers to trigger a denial of service by exploiting how OPT data or ECS options are formatted to text, potentially causing a REQUIRE assertion failure and daem...
CVE-2022-1183
CVE-2022-1183 describes an assertion-failure termination in the named daemon on vulnerable BIND configurations that reference http in listen-on statements. Affected are BIND 9.18.0–9.18.2 and BIND 9.19.0 (development branch); configurations using DoT are unaffected, while DoT/DoH deployments may ...
CVE-2012-5689
The CVE-2012-5689 issue affects ISC BIND 9.8.x–9.9.2-P1 when DNS64 with RPZ is used without an AAAA rewrite rule, allowing remote attackers to cause a DoS via an AAAA query (assertion failure and named exit). Affected configurations point to DNS64 + RPZ Rewriting; mitigation in practice is to ens...
CVE-2018-5738
The CVE-2018-5738 issue in BIND stems from Change #4777, causing a regression where, when recursion is enabled, recursion could be allowed to all clients if no match lists are set for allow-query-cache/allow-query. Affected: BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0→9.12.1-P2, 9.13.0 (development), plu...
CVE-2023-2911
CVE-2023-2911 affects BIND 9 up to fixed versions in various distros. The issue occurs when the recursive-clients quota is reached with stale-answer-client-timeout 0, potentially causing named to loop and terminate due to a stack overflow. Public details list affected ranges (9.16.33–9.16.41, 9.1...
CVE-2018-5734
The CVE-2018-5734 issue concerns ISC BIND where handling a malformed DNS request causes an assertion failure in badcache.c due to selecting SERVFAIL instead of FORMERR. Affected versions are BIND 9.10.5-S1 to 9.10.5-S4 and 9.10.6-S1/S2. The connected documents describe the root cause as an incorr...