184 matches found
CVE-2016-9147
CVE-2016-9147 relates to ISC BIND : A crafted upstream response containing inconsistent DNSSEC information can trigger an assertion failure in named, causing a denial of service (daemon exit). Affected: ISC BIND versions 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1. Connected advisories and vendo...
CVE-2009-0265
CVE-2009-0265 affects BIND 9.6.0 and earlier, where the server does not properly check the return value of OpenSSL EVP_VerifyFinal, allowing remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature. The description notes this is similar to CVE-2008-5077 and CVE-20...
CVE-2026-5950
The CVE-2026-5950 issue affects BIND 9 resolver logic, with an unbounded resend loop in the bad-server handling path of the state machine. This leads to remote, unauthenticated attackers exhausting resources by issuing queries that trigger specific retry conditions. Affected series include BIND 9...
CVE-2022-0667
CVE-2022-0667 affects ISC BIND 9.18.0 where the recursive client backstop lifetime timer can trigger an assertion failure, causing BIND to terminate. This enables a remote denial-of-service and, potentially, cache poisoning. Upstream fixes are in 9.18.1 (and related patches).
CVE-2012-5688
CVE-2012-5688 affects ISC BIND 9.8.x (before 9.8.4-P1) and 9.9.x (before 9.9.2-P1) when DNS64 is enabled. A crafted DNS query can trigger an assertion failure in named(8), causing a denial of service. The issue is mitigated by not enabling DNS64 or by upgrading to patched releases (9.8.4-P1, 9.9....
CVE-2007-2926
CVE-2007-2926 affects ISC BIND 9.x up to 9.5.0a5, where the DNS query ID generator used during answering resolver questions or sending NOTIFY messages uses a weak RNG. This enables a remote attacker to more easily guess query IDs and poison caches. The issue is specific to outgoing queries from B...
CVE-2017-3137
CVE-2017-3137 is a denial-of-service issue in BIND where a response containing CNAME or DNAME records can cause named to exit with an assertion failure when records are in an unusual order. Affected upstream releases include multiple 9.x series (e.g., 9.9.9-P6 through 9.11.1rc1, 9.9.9-S8; also li...
CVE-2017-3138
CVE-2017-3138 affects the BIND/named control channel. A regression can cause named to exit with a REQUIRE assertion failure when it receives a null command string on the control channel, potentially enabling denial-of-service. Affected versions in the CVE scope include BIND 9.9.9 through 9.11.1rc...
CVE-2022-0635
The CVE affects ISC BIND 9.18.0 where dnssec-validation enabled with synth-from-dnssec can trigger an INSIST assertion failure in query_dname, causing named to terminate (DoS). Mitigation: upgrade to BIND 9.18.1 (fixed upstream); Archlinux/IDS advisories confirm the fix. If not upgrading, a tempo...
CVE-2011-1907
ISC BIND 9.x is affected by a DoS vulnerability (CVE-2011-1907) when RPZ RRset replacement is enabled. The issue occurs in the RRSIG query path, causing an assertion failure and daemon exit. Affected versions are BIND 9.x up to but not including 9.8.0-P1 (notably 9.8.x before 9.8.0-P1). The root ...
CVE-2018-5736
CVE-2018-5736 is an ISC BIND vulnerability affecting versions 9.12.0 and 9.12.1. The issue is an error in the zone database reference counting that can trigger an assertion failure when a vulnerable server performs several slave-zone transfers in quick succession (for example after valid NOTIFY m...
CVE-2006-4095
CVE-2006-4095 affects ISC BIND prior to 9.2.6-P1 and 9.3.x prior to 9.3.2-P1. A remote attacker can trigger a crash via certain SIG queries that cause an assertion failure when multiple RRsets are returned, constituting a denial of service. This vulnerability is referenced in multiple Nessus/NVL ...
CVE-2021-25218
CVE-2021-25218 affects BIND up to 9.16.19, 9.17.16, and 9.16.19-S1 of the BIND Supported Preview Edition. A vulnerable named process terminates due to a failed assertion when handling certain queries under the described conditions. The issue is publicly documented with multiple advisories and dis...
CVE-2011-2464
CVE-2011-2464 is an unspecified DoS vulnerability in ISC BIND 9.x (9.6.x up to 9.6-ESV-R4-P3; 9.7.x up to 9.7.3-P3; 9.8.x up to 9.8.0-P4) exploitable via crafted UPDATE requests that can crash named. The connected advisories confirm vendor patches and updated packages across multiple distribution...
CVE-1999-0184
CVE-1999-0184 affects bind when built with the -DALLOW_UPDATES option, enabling dynamic updates to the DNS server and allowing malicious modification of DNS records. The vulnerability is tied to enabling dynamic updates in the DNS server, with impact described as potential modification of records...
CVE-2010-3762
ISC BIND before 9.7.2-P2 with DNSSEC validation enabled is vulnerable when multiple trust anchors exist for a zone, allowing remote attackers to trigger a denial of service (daemon crash) via a DNS query. Affected products/contexts shown in connected advisories (e.g., F5 SOL15172, Debian/Oracle/L...
CVE-2026-5946
Summary of CVE-2026-5946 (CVE entry for named in BIND) : The issue involves the DNS message handling in the BIND 9 recursive resolver (named) when processing DNS classes other than IN (e.g., CHAOS/HESIOD) or non-IN data in questions. According to the sources, specially crafted requests reaching c...
CVE-2019-6476
CVE-2019-6476 describes a defect in the QNAME minimization code in BIND that can cause named to exit with an assertion failure when a forwarder returns a referral instead of resolving the query. Affected products/versions: BIND 9.14.0–9.14.6 and 9.15.0–9.15.4. The description does not provide a f...
CVE-2010-3613
CVE-2010-3613 affects BIND (named) in versions 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3. The issue arises from how signed negative responses and corresponding RRSIG records are handled in the cache, enabling remote attackers to cause a denial of service (daemon ...
CVE-2017-3140
CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...
CVE-2018-5737
CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...
CVE-2022-3488
ISC BIND is affected by CVE-2022-3488: when a resolver processes repeated responses to the same query that include ECS pseudo-options, if the first response is broken, the named process can exit with an assertion failure. Affected are BIND 9.x releases: 9.11.4-S1–9.11.37-S1 and 9.16.8-S1–9.16.36-...
CVE-2019-6467
CVE-2019-6467 affects BIND's nxdomain-redirect feature. A programming error can trigger an assertion failure in query.c when the alternate namespace used for NXDOMAIN redirection is a descendant of a locally served zone. Affected: BIND 9.12.0–9.12.4, 9.14.0, and all 9.13 development releases. Con...
CVE-2019-6468
CVE-2019-6468 affects BIND Supported Preview Edition, specifically versions 9.10.5-S1 through 9.11.5-S5 that have EDNS Client Subnet (ECS) support. Enabling nxdomain-redirect in ECS-enabled builds can lead to an assertion failure, causing BIND to exit. The connected documents provide the affected...
CVE-2022-2881
CVE-2022-2881 is described across multiple records as a read-past-end-of-buffer issue in ISC BIND, specifically in the DNS statistics channel, leading to memory reads outside bounds or a crash. The connected documents confirm ISC BIND as affected and reference several advisories (USN-5626-1, CNVD...
CVE-2013-5661
The connected documents consistently describe CVE-2013-5661 as a DNS cache poisoning issue in the DNS Response Rate Limiting mechanism of ISC BIND. The vulnerability is tied to BIND’s handling of responses that can be poisoned to contaminate DNS caches. Concrete details (affected versions, exact ...
CVE-2019-6475
CVE-2019-6475 : In ISC BIND, an error in mirror zone validity checks can allow an on-path attacker to replace zone data that was validated with a trust anchor with forged data. Affected: BIND 9.14.0–9.14.6 and 9.15.0–9.15.4. Impact details are as described in the vulnerability entry; no remediati...
CVE-2026-3039
CVE-2026-3039 affects BIND 9.x when TKEY-based authentication via GSS-API tokens is used; the issue is a memory-exhaustion vulnerability triggered by malicious packets in Active Directory/Kerberos DNS setups. Affected versions span 9.0.0–9.16.50, 9.18.0–9.18.48, 9.20.0–9.20.22, 9.21.0–9.21.21, pl...
CVE-1999-0009
Summary of CVE-1999-0009 from connected documents : The issue is an inverse query buffer overflow in BIND releases 4.9 and 8. The Red Hat entry mirrors the description: the vulnerability is an inverse query buffer overflow in BIND 4.9 and 8 releases. Tenable/Nessus references indicate this is a r...
CVE-2007-2925
CVE-2007-2925 affects ISC BIND 9.4.0/9.4.1 and 9.5.0a1–9.5.0a5 where default ACLs do not enable allow-recursion or allow-query-cache, allowing remote recursion against the cache. Upstream fixes exist (e.g., 9.5.0a6, and related patches for 9.4.x/9.5.x lines). Several advisories note the issue and...
CVE-2022-2906
CVE-2022-2906 affects ISC BIND. The provided documents describe a memory-exhaustion vulnerability that can allow a remote attacker to gradually erode available memory, potentially causing the named DNS server to crash (denial of service) under resource pressure. Several connected sources corrobor...
CVE-1999-0011
CVE-1999-0011 corresponds to Denial of Service vulnerabilities in BIND 4.9 and BIND 8, reported across multiple vendors. Public records indicate DoS via CNAME records and zone transfers. Affected products include BIND 4.9.x and 8.x; the root cause is not detailed in the provided documents beyond ...
CVE-2002-1220
BIND 8.3.x–8.3.3 is affected by CVE-2002-1220: remote denial of service (termination due to assertion failure) triggered by a request for a non-existent subdomain containing an OPT RR with a large UDP payload. The available sources confirm the affected range and the impact but do not provide expl...
CVE-2007-0493
CVE-2007-0493 is a use-after-free in ISC BIND that allows remote attackers to cause a named daemon crash by dereferencing a freed fetch context. Affected BIND versions include 9.3.0–9.3.3, 9.4.0a1–9.4.0a6, 9.4.0b1–9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only). The issue stems from accessing me...
CVE-1999-0010
CVE-1999-0010 describes a Denial of Service vulnerability in BIND 8 releases caused by maliciously formatted DNS messages. Connected docs corroborate the DoS issue and note remediation in HP-UX via patch PHNE_12957 for s700_800 11.00 Bind 4.9.7 components; other records repeat the DoS description...
CVE-2006-4096
CVE-2006-4096 affects BIND 9.2.6-P1 and 9.3.x before 9.3.2-P1. Remote attackers can cause a denial of service (crash) by sending a flood of recursive queries, which triggers an INSIST failure when the response arrives after the recursion queue is empty. Connected advisories (Ubuntu USN-343-1, Sla...
CVE-2007-0494
CVE-2007-0494 affects ISC BIND: remote attackers can cause a denial of service via a DNS response to a type ANY query that contains multiple RRsets, triggering an assertion error in DNSSEC validation. Affected software includes BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up t...
CVE-2012-3868
CVE-2012-3868 concerns ISC BIND 9.9.x prior to 9.9.1-P2, where a race condition in ns_client structure management can be exploited by a high volume of TCP queries to cause a denial of service (memory consumption or process exit). The description specifies the underlying cause as a race condition ...
CVE-2013-3919
CVE-2013-3919 affects ISC BIND where resolver.c, used by recursive resolvers, can trigger an assertion failure and named daemon exit when handling a query for a record in a malformed zone. Affected versions include BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R...
CVE-1999-0833
CVE-1999-0833 describes a buffer overflow in BIND 8.2 when processing NXT records. The vulnerability arises in the rrextract logic for NXT processing, where the dlen/n/cp1 handling can be coerced to overflow the destination, enabling remote code execution with the privileges of the named process....
CVE-2019-6469
CVE-2019-6469 concerns an error in the EDNS Client Subnet (ECS) feature in BIND’s recursive resolvers. A malformed RRSIG in a response can trigger an assertion failure, causing BIND to exit. Affected versions are BIND 9.10.5-S1 through 9.11.6-S1 (BIND 9 Supported Preview Edition). The issue is ti...
CVE-2010-0218
CVE-2010-0218 affects ISC BIND 9.7.2 through 9.7.2-P1, where an incorrect ACL allows RD (Recursion Desired) queries to access the cache, enabling remote disclosure of potentially sensitive information via DNS queries. The issue arises from misconfigured access control on the cache. Some connected...
CVE-2007-2241
Summary (CVE-2007-2241) : An unspecified vulnerability in query.c of ISC BIND 9.4.0 and 9.5.0a1–9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) by issuing a crafted sequence of queries to the resolver. The issue is specifically tied to the qu...
CVE-2003-0914
CVE-2003-0914 affects ISC BIND 8.3.x before 8.3.7 and 8.4.x before 8.4.3. A remote attacker can poison the DNS cache by using a malicious nameserver that returns negative responses with a large TTL, causing legitimate queries to be answered with cached negative results. Remediation mentioned in t...
CVE-2011-0414
CVE-2011-0414 affects ISC BIND versions 9.7.1 through 9.7.2-P3 when configured as an authoritative server. A race condition during IXFR transfers or DDNS updates can cause a remote denial of service (deadlock/daemon hang). Public advisories across distributions (Debian, openSUSE, Gentoo, etc.) do...
CVE-2001-0011
CVE-2001-0011 describes a buffer overflow in the nslookupComplain() routine of ISC BIND 4, enabling remote attackers to execute code with the BIND process’s privileges (typically root) and potentially gain full control of affected systems. Affected lines include BIND 4.x and certain 8.x versions ...
CVE-2010-0213
CVE-2010-0213 affects BIND 9.7.1 and 9.7.1-P1 when a recursive validating server uses a statically configured trust anchor or DNSSEC Lookaside Validation (DLV). The flaw allows remote attackers to trigger a denial of service (infinite loop) by issuing a query for an RRSIG record whose answer is n...
CVE-2002-0684
CVE-2002-0684 describes a buffer overflow in the DNS resolver logic used by BIND 4.9.8 and ported to glibc 2.2.5 and earlier. The flaw occurs in resolver/DNS name resolution (getnetbyname/getnetbyaddr) and can allow a remote attacker sending crafted DNS responses to execute arbitrary code. Severa...
CVE-2007-2930
CVE-2007-2930 affects ISC BIND 8 up to 8.4.7-P1, where the NSID_SHUFFLE_ONLY and NSID_USE_POOL PRNGs generate predictable DNS query IDs when the resolver sends outgoing queries (e.g., NOTIFY). This weakness enables remote attackers to poison DNS caches via unknown vectors. The advisory notes this...
CVE-2014-3859
CVE-2014-3859 affects ISC BIND 9.x where EDNS option processing is vulnerable to a crafted packet causing an assertion failure and daemon exit, resulting in a denial of service. Concrete references across multiple vendors/inputs confirm exposure in BIND 9.10.0 before P2 and related 9.x releases, ...