Lucene search
K

184 matches found

CVE
CVE
added 2017/01/12 6:6 a.m.193 views

CVE-2016-9147

CVE-2016-9147 relates to ISC BIND : A crafted upstream response containing inconsistent DNSSEC information can trigger an assertion failure in named, causing a denial of service (daemon exit). Affected: ISC BIND versions 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1. Connected advisories and vendo...

7.5CVSS7.3AI score0.24602EPSS
CVE
CVE
added 2009/01/26 3:5 p.m.191 views

CVE-2009-0265

CVE-2009-0265 affects BIND 9.6.0 and earlier, where the server does not properly check the return value of OpenSSL EVP_VerifyFinal, allowing remote attackers to bypass certificate-chain validation via a malformed SSL/TLS signature. The description notes this is similar to CVE-2008-5077 and CVE-20...

7.5CVSS7.6AI score0.02474EPSS
CVE
CVE
added 2026/05/20 1:10 p.m.184 views

CVE-2026-5950

The CVE-2026-5950 issue affects BIND 9 resolver logic, with an unbounded resend loop in the bad-server handling path of the state machine. This leads to remote, unauthenticated attackers exhausting resources by issuing queries that trigger specific retry conditions. Affected series include BIND 9...

5.3CVSS5.8AI score0.00551EPSS
CVE
CVE
added 2022/03/22 11:15 a.m.179 views

CVE-2022-0667

CVE-2022-0667 affects ISC BIND 9.18.0 where the recursive client backstop lifetime timer can trigger an assertion failure, causing BIND to terminate. This enables a remote denial-of-service and, potentially, cache poisoning. Upstream fixes are in 9.18.1 (and related patches).

7.5CVSS7.5AI score0.01285EPSS
CVE
CVE
added 2012/12/06 11:0 a.m.168 views

CVE-2012-5688

CVE-2012-5688 affects ISC BIND 9.8.x (before 9.8.4-P1) and 9.9.x (before 9.9.2-P1) when DNS64 is enabled. A crafted DNS query can trigger an assertion failure in named(8), causing a denial of service. The issue is mitigated by not enabling DNS64 or by upgrading to patched releases (9.8.4-P1, 9.9....

7.8CVSS7.9AI score0.10896EPSS
CVE
CVE
added 2007/07/24 5:0 p.m.164 views

CVE-2007-2926

CVE-2007-2926 affects ISC BIND 9.x up to 9.5.0a5, where the DNS query ID generator used during answering resolver questions or sending NOTIFY messages uses a weak RNG. This enables a remote attacker to more easily guess query IDs and poison caches. The issue is specific to outgoing queries from B...

4.3CVSS7.4AI score0.1309EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.160 views

CVE-2017-3137

CVE-2017-3137 is a denial-of-service issue in BIND where a response containing CNAME or DNAME records can cause named to exit with an assertion failure when records are in an unusual order. Affected upstream releases include multiple 9.x series (e.g., 9.9.9-P6 through 9.11.1rc1, 9.9.9-S8; also li...

7.5CVSS7.1AI score0.08902EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.152 views

CVE-2017-3138

CVE-2017-3138 affects the BIND/named control channel. A regression can cause named to exit with a REQUIRE assertion failure when it receives a null command string on the control channel, potentially enabling denial-of-service. Affected versions in the CVE scope include BIND 9.9.9 through 9.11.1rc...

6.5CVSS6.3AI score0.05478EPSS
CVE
CVE
added 2022/03/23 11:55 a.m.152 views

CVE-2022-0635

The CVE affects ISC BIND 9.18.0 where dnssec-validation enabled with synth-from-dnssec can trigger an INSIST assertion failure in query_dname, causing named to terminate (DoS). Mitigation: upgrade to BIND 9.18.1 (fixed upstream); Archlinux/IDS advisories confirm the fix. If not upgrading, a tempo...

7.5CVSS7.3AI score0.01285EPSS
CVE
CVE
added 2011/05/09 10:0 p.m.151 views

CVE-2011-1907

ISC BIND 9.x is affected by a DoS vulnerability (CVE-2011-1907) when RPZ RRset replacement is enabled. The issue occurs in the RRSIG query path, causing an assertion failure and daemon exit. Affected versions are BIND 9.x up to but not including 9.8.0-P1 (notably 9.8.x before 9.8.0-P1). The root ...

5CVSS8.1AI score0.05368EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.146 views

CVE-2018-5736

CVE-2018-5736 is an ISC BIND vulnerability affecting versions 9.12.0 and 9.12.1. The issue is an error in the zone database reference counting that can trigger an assertion failure when a vulnerable server performs several slave-zone transfers in quick succession (for example after valid NOTIFY m...

5.3CVSS5.7AI score0.17879EPSS
CVE
CVE
added 2006/09/06 12:0 a.m.128 views

CVE-2006-4095

CVE-2006-4095 affects ISC BIND prior to 9.2.6-P1 and 9.3.x prior to 9.3.2-P1. A remote attacker can trigger a crash via certain SIG queries that cause an assertion failure when multiple RRsets are returned, constituting a denial of service. This vulnerability is referenced in multiple Nessus/NVL ...

7.5CVSS7.4AI score0.12551EPSS
CVE
CVE
added 2021/08/18 6:20 p.m.127 views

CVE-2021-25218

CVE-2021-25218 affects BIND up to 9.16.19, 9.17.16, and 9.16.19-S1 of the BIND Supported Preview Edition. A vulnerable named process terminates due to a failed assertion when handling certain queries under the described conditions. The issue is publicly documented with multiple advisories and dis...

7.5CVSS7.4AI score0.03559EPSS
CVE
CVE
added 2011/07/08 8:0 p.m.125 views

CVE-2011-2464

CVE-2011-2464 is an unspecified DoS vulnerability in ISC BIND 9.x (9.6.x up to 9.6-ESV-R4-P3; 9.7.x up to 9.7.3-P3; 9.8.x up to 9.8.0-P4) exploitable via crafted UPDATE requests that can crash named. The connected advisories confirm vendor patches and updated packages across multiple distribution...

5CVSS8AI score0.19265EPSS
In wild
CVE
CVE
added 1999/09/29 4:0 a.m.124 views

CVE-1999-0184

CVE-1999-0184 affects bind when built with the -DALLOW_UPDATES option, enabling dynamic updates to the DNS server and allowing malicious modification of DNS records. The vulnerability is tied to enabling dynamic updates in the DNS server, with impact described as potential modification of records...

6.4CVSS6.8AI score0.01909EPSS
CVE
CVE
added 2010/10/05 9:0 p.m.123 views

CVE-2010-3762

ISC BIND before 9.7.2-P2 with DNSSEC validation enabled is vulnerable when multiple trust anchors exist for a zone, allowing remote attackers to trigger a denial of service (daemon crash) via a DNS query. Affected products/contexts shown in connected advisories (e.g., F5 SOL15172, Debian/Oracle/L...

4.3CVSS6.3AI score0.08086EPSS
CVE
CVE
added 2026/05/20 1:10 p.m.123 views

CVE-2026-5946

Summary of CVE-2026-5946 (CVE entry for named in BIND) : The issue involves the DNS message handling in the BIND 9 recursive resolver (named) when processing DNS classes other than IN (e.g., CHAOS/HESIOD) or non-IN data in questions. According to the sources, specially crafted requests reaching c...

7.5CVSS5.9AI score0.0181EPSS
CVE
CVE
added 2019/10/17 7:17 p.m.115 views

CVE-2019-6476

CVE-2019-6476 describes a defect in the QNAME minimization code in BIND that can cause named to exit with an assertion failure when a forwarder returns a referral instead of resolving the query. Affected products/versions: BIND 9.14.0–9.14.6 and 9.15.0–9.15.4. The description does not provide a f...

7.5CVSS6.4AI score0.02883EPSS
CVE
CVE
added 2010/12/03 8:0 p.m.114 views

CVE-2010-3613

CVE-2010-3613 affects BIND (named) in versions 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3. The issue arises from how signed negative responses and corresponding RRSIG records are handled in the cache, enabling remote attackers to cause a denial of service (daemon ...

4CVSS8.2AI score0.10655EPSS
In wild
CVE
CVE
added 2019/01/16 8:0 p.m.113 views

CVE-2017-3140

CVE-2017-3140 describes an RPZ rule processing error in BIND that can cause named to enter an endless loop when handling a query. Affected BIND versions per sources include 9.9.10, 9.10.5, 9.11.0–9.11.1, 9.9.10-S1, 9.10.5-S1. Public advisories differ on impact to vendor products; F5 notes not aff...

5.9CVSS4.9AI score0.1213EPSS
CVE
CVE
added 2019/01/16 8:0 p.m.112 views

CVE-2018-5737

CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...

7.5CVSS6.3AI score0.10355EPSS
CVE
CVE
added 2023/01/25 9:37 p.m.110 views

CVE-2022-3488

ISC BIND is affected by CVE-2022-3488: when a resolver processes repeated responses to the same query that include ECS pseudo-options, if the first response is broken, the named process can exit with an assertion failure. Affected are BIND 9.x releases: 9.11.4-S1–9.11.37-S1 and 9.16.8-S1–9.16.36-...

7.5CVSS7.3AI score0.19045EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.108 views

CVE-2019-6467

CVE-2019-6467 affects BIND's nxdomain-redirect feature. A programming error can trigger an assertion failure in query.c when the alternate namespace used for NXDOMAIN redirection is a descendant of a locally served zone. Affected: BIND 9.12.0–9.12.4, 9.14.0, and all 9.13 development releases. Con...

7.5CVSS6.3AI score0.05415EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.107 views

CVE-2019-6468

CVE-2019-6468 affects BIND Supported Preview Edition, specifically versions 9.10.5-S1 through 9.11.5-S5 that have EDNS Client Subnet (ECS) support. Enabling nxdomain-redirect in ECS-enabled builds can lead to an assertion failure, causing BIND to exit. The connected documents provide the affected...

7.5CVSS6AI score0.02539EPSS
CVE
CVE
added 2022/09/21 10:15 a.m.107 views

CVE-2022-2881

CVE-2022-2881 is described across multiple records as a read-past-end-of-buffer issue in ISC BIND, specifically in the DNS statistics channel, leading to memory reads outside bounds or a crash. The connected documents confirm ISC BIND as affected and reference several advisories (USN-5626-1, CNVD...

8.2CVSS6.6AI score0.01073EPSS
CVE
CVE
added 2019/11/05 6:14 p.m.104 views

CVE-2013-5661

The connected documents consistently describe CVE-2013-5661 as a DNS cache poisoning issue in the DNS Response Rate Limiting mechanism of ISC BIND. The vulnerability is tied to BIND’s handling of responses that can be poisoned to contaminate DNS caches. Concrete details (affected versions, exact ...

5.9CVSS5.7AI score0.0345EPSS
CVE
CVE
added 2019/10/17 7:17 p.m.98 views

CVE-2019-6475

CVE-2019-6475 : In ISC BIND, an error in mirror zone validity checks can allow an on-path attacker to replace zone data that was validated with a trust anchor with forged data. Affected: BIND 9.14.0–9.14.6 and 9.15.0–9.15.4. Impact details are as described in the vulnerability entry; no remediati...

7.5CVSS6.2AI score0.01262EPSS
CVE
CVE
added 2026/05/20 1:9 p.m.97 views

CVE-2026-3039

CVE-2026-3039 affects BIND 9.x when TKEY-based authentication via GSS-API tokens is used; the issue is a memory-exhaustion vulnerability triggered by malicious packets in Active Directory/Kerberos DNS setups. Affected versions span 9.0.0–9.16.50, 9.18.0–9.18.48, 9.20.0–9.20.22, 9.21.0–9.21.21, pl...

7.5CVSS5.7AI score0.01047EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.96 views

CVE-1999-0009

Summary of CVE-1999-0009 from connected documents : The issue is an inverse query buffer overflow in BIND releases 4.9 and 8. The Red Hat entry mirrors the description: the vulnerability is an inverse query buffer overflow in BIND 4.9 and 8 releases. Tenable/Nessus references indicate this is a r...

10CVSS7.3AI score0.29013EPSS
CVE
CVE
added 2007/07/24 5:0 p.m.95 views

CVE-2007-2925

CVE-2007-2925 affects ISC BIND 9.4.0/9.4.1 and 9.5.0a1–9.5.0a5 where default ACLs do not enable allow-recursion or allow-query-cache, allowing remote recursion against the cache. Upstream fixes exist (e.g., 9.5.0a6, and related patches for 9.4.x/9.5.x lines). Several advisories note the issue and...

5.8CVSS8.4AI score0.06199EPSS
CVE
CVE
added 2022/09/21 10:15 a.m.95 views

CVE-2022-2906

CVE-2022-2906 affects ISC BIND. The provided documents describe a memory-exhaustion vulnerability that can allow a remote attacker to gradually erode available memory, potentially causing the named DNS server to crash (denial of service) under resource pressure. Several connected sources corrobor...

7.5CVSS7.4AI score0.01646EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.94 views

CVE-1999-0011

CVE-1999-0011 corresponds to Denial of Service vulnerabilities in BIND 4.9 and BIND 8, reported across multiple vendors. Public records indicate DoS via CNAME records and zone transfers. Affected products include BIND 4.9.x and 8.x; the root cause is not detailed in the provided documents beyond ...

10CVSS7AI score0.05469EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.94 views

CVE-2002-1220

BIND 8.3.x–8.3.3 is affected by CVE-2002-1220: remote denial of service (termination due to assertion failure) triggered by a request for a non-existent subdomain containing an OPT RR with a large UDP payload. The available sources confirm the affected range and the impact but do not provide expl...

5CVSS6.3AI score0.096EPSS
CVE
CVE
added 2007/01/25 8:0 p.m.94 views

CVE-2007-0493

CVE-2007-0493 is a use-after-free in ISC BIND that allows remote attackers to cause a named daemon crash by dereferencing a freed fetch context. Affected BIND versions include 9.3.0–9.3.3, 9.4.0a1–9.4.0a6, 9.4.0b1–9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only). The issue stems from accessing me...

7.8CVSS7.2AI score0.12079EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.93 views

CVE-1999-0010

CVE-1999-0010 describes a Denial of Service vulnerability in BIND 8 releases caused by maliciously formatted DNS messages. Connected docs corroborate the DoS issue and note remediation in HP-UX via patch PHNE_12957 for s700_800 11.00 Bind 4.9.7 components; other records repeat the DoS description...

5CVSS6.8AI score0.02371EPSS
CVE
CVE
added 2006/09/06 12:0 a.m.90 views

CVE-2006-4096

CVE-2006-4096 affects BIND 9.2.6-P1 and 9.3.x before 9.3.2-P1. Remote attackers can cause a denial of service (crash) by sending a flood of recursive queries, which triggers an INSIST failure when the response arrives after the recursion queue is empty. Connected advisories (Ubuntu USN-343-1, Sla...

5CVSS7.2AI score0.08684EPSS
CVE
CVE
added 2007/01/25 8:0 p.m.89 views

CVE-2007-0494

CVE-2007-0494 affects ISC BIND: remote attackers can cause a denial of service via a DNS response to a type ANY query that contains multiple RRsets, triggering an assertion error in DNSSEC validation. Affected software includes BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up t...

4.3CVSS7.2AI score0.43355EPSS
CVE
CVE
added 2012/07/25 10:0 a.m.89 views

CVE-2012-3868

CVE-2012-3868 concerns ISC BIND 9.9.x prior to 9.9.1-P2, where a race condition in ns_client structure management can be exploited by a high volume of TCP queries to cause a denial of service (memory consumption or process exit). The description specifies the underlying cause as a race condition ...

4.3CVSS6.4AI score0.02722EPSS
CVE
CVE
added 2013/06/06 10:0 a.m.88 views

CVE-2013-3919

CVE-2013-3919 affects ISC BIND where resolver.c, used by recursive resolvers, can trigger an assertion failure and named daemon exit when handling a query for a record in a malformed zone. Affected versions include BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R...

7.8CVSS4.8AI score0.0511EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.87 views

CVE-1999-0833

CVE-1999-0833 describes a buffer overflow in BIND 8.2 when processing NXT records. The vulnerability arises in the rrextract logic for NXT processing, where the dlen/n/cp1 handling can be coerced to overflow the destination, enabling remote code execution with the privileges of the named process....

7.5CVSS6.9AI score0.02141EPSS
CVE
CVE
added 2019/10/09 2:17 p.m.87 views

CVE-2019-6469

CVE-2019-6469 concerns an error in the EDNS Client Subnet (ECS) feature in BIND’s recursive resolvers. A malformed RRSIG in a response can trigger an assertion failure, causing BIND to exit. Affected versions are BIND 9.10.5-S1 through 9.11.6-S1 (BIND 9 Supported Preview Edition). The issue is ti...

7.5CVSS6.3AI score0.01946EPSS
CVE
CVE
added 2010/10/05 9:0 p.m.86 views

CVE-2010-0218

CVE-2010-0218 affects ISC BIND 9.7.2 through 9.7.2-P1, where an incorrect ACL allows RD (Recursion Desired) queries to access the cache, enabling remote disclosure of potentially sensitive information via DNS queries. The issue arises from misconfigured access control on the cache. Some connected...

5CVSS6.1AI score0.03572EPSS
CVE
CVE
added 2007/05/02 10:0 a.m.84 views

CVE-2007-2241

Summary (CVE-2007-2241) : An unspecified vulnerability in query.c of ISC BIND 9.4.0 and 9.5.0a1–9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) by issuing a crafted sequence of queries to the resolver. The issue is specifically tied to the qu...

7.1CVSS8.1AI score0.07614EPSS
CVE
CVE
added 2003/12/02 5:0 a.m.81 views

CVE-2003-0914

CVE-2003-0914 affects ISC BIND 8.3.x before 8.3.7 and 8.4.x before 8.4.3. A remote attacker can poison the DNS cache by using a malicious nameserver that returns negative responses with a large TTL, causing legitimate queries to be answered with cached negative results. Remediation mentioned in t...

4.3CVSS6.2AI score0.0316EPSS
CVE
CVE
added 2011/02/23 6:0 p.m.81 views

CVE-2011-0414

CVE-2011-0414 affects ISC BIND versions 9.7.1 through 9.7.2-P3 when configured as an authoritative server. A race condition during IXFR transfers or DDNS updates can cause a remote denial of service (deadlock/daemon hang). Public advisories across distributions (Debian, openSUSE, Gentoo, etc.) do...

7.1CVSS8.1AI score0.13598EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.80 views

CVE-2001-0011

CVE-2001-0011 describes a buffer overflow in the nslookupComplain() routine of ISC BIND 4, enabling remote attackers to execute code with the BIND process’s privileges (typically root) and potentially gain full control of affected systems. Affected lines include BIND 4.x and certain 8.x versions ...

10CVSS7.2AI score0.07654EPSS
CVE
CVE
added 2010/07/27 10:0 p.m.80 views

CVE-2010-0213

CVE-2010-0213 affects BIND 9.7.1 and 9.7.1-P1 when a recursive validating server uses a statically configured trust anchor or DNSSEC Lookaside Validation (DLV). The flaw allows remote attackers to trigger a denial of service (infinite loop) by issuing a query for an RRSIG record whose answer is n...

2.6CVSS8AI score0.06524EPSS
CVE
CVE
added 2002/07/31 4:0 a.m.79 views

CVE-2002-0684

CVE-2002-0684 describes a buffer overflow in the DNS resolver logic used by BIND 4.9.8 and ported to glibc 2.2.5 and earlier. The flaw occurs in resolver/DNS name resolution (getnetbyname/getnetbyaddr) and can allow a remote attacker sending crafted DNS responses to execute arbitrary code. Severa...

7.5CVSS9.7AI score0.05861EPSS
CVE
CVE
added 2007/09/12 1:0 a.m.79 views

CVE-2007-2930

CVE-2007-2930 affects ISC BIND 8 up to 8.4.7-P1, where the NSID_SHUFFLE_ONLY and NSID_USE_POOL PRNGs generate predictable DNS query IDs when the resolver sends outgoing queries (e.g., NOTIFY). This weakness enables remote attackers to poison DNS caches via unknown vectors. The advisory notes this...

4.3CVSS6.7AI score0.07585EPSS
CVE
CVE
added 2014/06/13 10:0 a.m.79 views

CVE-2014-3859

CVE-2014-3859 affects ISC BIND 9.x where EDNS option processing is vulnerable to a crafted packet causing an assertion failure and daemon exit, resulting in a denial of service. Concrete references across multiple vendors/inputs confirm exposure in BIND 9.10.0 before P2 and related 9.x releases, ...

5CVSS7.2AI score0.06978EPSS
Total number of security vulnerabilities184