184 matches found
CVE-2002-2212
CVE-2002-2212 affects the DNS resolver in Fujitsu UXP/V. The vulnerability allows remote attackers to perform DNS cache poisoning through a birthday-attack using many concurrent DNS queries and spoofed responses, increasing the chance of a correct spoofed reply more efficiently than brute force. ...
CVE-2002-1221
CVE-2002-1221 affects BIND 8.x through 8.3.3; remote attacker can cause a denial of service (crash) by sending SIG RR elements with invalid expiry times. The invalid entries are removed from the internal BIND database and can later trigger a null dereference. Debian and related advisories (DSA-19...
CVE-2002-1219
CVE-2002-1219 affects ISC BIND (named) in BIND 4 (≤4.9.10) and BIND 8 (≤8.3.3). Root cause: a buffer overflow in processing certain DNS responses containing SIG resource records, enabling remote code execution via crafted replies. Documented impact: remote attacker can execute arbitrary code with...
CVE-2002-2211
CVE-2002-2211 involves BIND 4 and BIND 8 when resolving recursive DNS queries for arbitrary hosts. The underlying issue is a DNS cache poisoning risk via a birthday attack that leverages a large number of open queries for the same RR combined with spoofed responses, increasing the chance of poiso...
CVE-2016-2088
CVE-2016-2088 affects ISC BIND 9.10.x prior to 9.10.3-P4. When DNS cookies are enabled, a remote attacker can send a malformed packet with multiple cookie options to trigger an assertion failure in resolver.c and cause named to crash (denial of service). Connected sources corroborate the vulnerab...
CVE-2016-9778
CVE-2016-9778 affects ISC BIND and is triggered by handling specific queries when using the nxdomain-redirect feature in certain BIND versions (9.9.8-S1 to 9.9.8-S3, 9.9.9-S1 to 9.9.9-S6, 9.11.0-9.11.0-P1). The vulnerability can cause a REQUIRE assertion failure in db.c, potentially crashing or s...
CVE-2011-2465
CVE-2011-2465 affects ISC BIND 9.8.0, 9.8.0-P1, 9.8.0-P2 and 9.8.1b1 with recursion enabled and RPZ containing DNAME or certain CNAMEs; an unspecified query can cause a denial of service (named daemon crash). Exploitation specifics are not provided in the sources. Public remediation notes include...
CVE-2014-8680
Vulnerability context (CVE-2014-8680): Affects ISC BIND 9.10.0–9.10.1. The DoS stems from GeoIP functionality when GeoIP databases are missing for IPv4/IPv6 or when IPv6 options are used, causing an assertion failure and named exit. Public references in the connected docs corroborate this DoS ris...
CVE-2002-0400
The CVE-2002-0400 issue affects ISC BIND 9 up to 9.2.0 (pre-9.2.1). A remote attacker can cause a DoS shutdown by sending a malformed DNS packet that triggers an internal error in dns_message_findtype() when the rdataset parameter is not NULL. Impact is denial of service (availability impact: par...
CVE-2006-2073
CVE-2006-2073 concerns an unspecified vulnerability in ISC BIND (DNS server) where remote attackers can cause a denial of service by sending a crafted DNS message containing a “broken” TSIG. The description notes this was demonstrated with the OUSPG PROTOS DNS test suite. The available documents ...
CVE-1999-0848
CVE-1999-0848 concerns a denial-of-service in ISC BIND’s named daemon caused by consuming more than the configured fdmax file descriptors. This is confirmed by the NVD entry and Red Hat security page, both citing the same DoS vector. The provided connected documents do not specify exact affected ...
CVE-1999-0849
CVE-1999-0849 describes a denial-of-service condition in BIND's named component triggered by maxdname. Connected sources specify affected versions: ISC BIND
CVE-2001-0010
CVE-2001-0010 describes a buffer overflow in the TSIG handling code of ISC BIND. The vulnerability is in BIND 8.2.x (and related TSIG processing paths) and can allow remote attackers to gain the same privileges as the BIND server (typically root) by sending specially crafted requests, enabling ar...
CVE-2005-0034
CVE-2005-0034 concerns BIND 9.3.0 where an “incorrect assumption” in the authvalidated validator function, active when DNSSEC is enabled, lets remote attackers cause a denial of service by sending crafted DNS packets that trigger a failing self-check and cause named to exit. The issue is document...
CVE-2026-1519
Impact: BIND 9 DNSSEC resolvers may consume excessive CPU when validating DNSSEC in a malicious zone. Affected product: BIND 9 series (versions 9.11.0–9.16.50, 9.18.0–9.18.46, 9.20.0–9.20.20, 9.21.0–9.21.19, plus 9.11.3-S1–9.16.50-S1, 9.18.11-S1–9.18.46-S1, and 9.20.9-S1–9.20.20-S1). Root cause: ...
CVE-2001-0497
CVE-2001-0497 concerns BIND: dnskeygen (<=8.2.4) and dnssec-keygen (
CVE-1999-0837
CVE-1999-0837 describes a denial-of-service in BIND caused by improperly closing TCP sessions via so_linger. The Red Hat entry and NVD confirm the issue; Nessus references indicate affected BIND versions and list remediation as upgrading to BIND 4.9.7-REL or 8.2.2-P5. The available documents do n...
CVE-2000-0335
The CVE-2000-0335 issue affects the resolver in glibc 2.1.3 , which uses predictable IDs. This design allows a local attacker to cause DNS query spoofing by manipulating IDs, undermining DNS query integrity. The vulnerability’s impact is described as the ability to spoof results, with a base CVSS...
CVE-2005-0033
CVE-2005-0033 affects BIND versions 8.4.4 and 8.4.5, due to a buffer overflow in the recursion/glue-fetching path that overflows the q_usedns array, enabling remote attackers to cause a denial-of-service (crash). Remediation: upgrade to BIND 8.4.6 or later (per multiple advisories).
CVE-2000-0888
The CVE-2000-0888 entry describes a DoS in ISC BIND 8.2–8.2.2-P6 when processing SRV records. Connected documents confirm the vulnerability in BIND’s SRV handling (the “srv bug”) and state that remote attackers can crash named by sending an SRV record. Impact is denial of service; vulnerable comp...
CVE-2001-0012
CVE-2001-0012 concerns ISC BIND 4.x and 8.x where an information-leak vulnerability allows a remote attacker to access environment variables by sending a specially crafted query. The CERT/CC and Debian/Red Hat advisories document that this issue arises in BIND 4/8 and can lead to leakage of sensi...
CVE-2006-0527
CVE-2006-0527 affects BIND 4 and BIND 8 when used as a target forwarder; it describes a Kashpureff-style DNS cache corruption that allows remote attackers to gain privileged access. The connected sources corroborate the same vulnerability description across NVD, CVE records, and repository entrie...
CVE-2002-2213
The CVE-2002-2213 entry describes a vulnerability in the DNS resolver of Infoblox DNS One (unspecified versions) where recursive resolution for arbitrary hosts can be poisoned via a birthday attack. This attack uses a large number of open queries for the same resource record and spoofed responses...
CVE-2000-0887
ISC BIND 8.2.x before 8.2.2-P7 is vulnerable to a remote denial‑of‑service via a compressed ZXFR zone transfer and a subsequent non‑cached authoritative query (the zxfr bug). An attacker permitted to perform zone transfers can crash the named daemon, disrupting DNS resolution. A patch to BIND 8.2...
CVE-2001-0013
CVE-2001-0013 describes a format-string vulnerability in the nslookupComplain() routine of ISC BIND 4. This flaw allows remote attackers to execute code with the BIND process’ privileges (typically root) by sending specially crafted DNS input. The CERT/CC note (CA-2001-02) identifies vulnerable v...
CVE-1999-1499
The CVE-1999-1499 entry describes a local privilege issue in ISC BIND 4.9 and 8.1. It is triggered by a symlink attack on either named_dump.db (when root kills the process with SIGINT) or named.stats (when SIGIOT is used), allowing local users to destroy files via the symlink mechanism. The linke...
CVE-2016-1284
CVE-2016-1284 affects ISC BIND 9 Supported Preview Edition 9.9.8-S prior to 9.9.8-S5. The root cause is a flaw in rdataset.c related to handling flag values in incoming queries when the nxdomain-redirect option is enabled. This can be exploited remotely by an unauthenticated attacker to trigger a...
CVE-2000-1029
CVE-2000-1029 describes a buffer overflow in the host command that lets a remote attacker execute arbitrary commands via a long response to an AXFR (zone transfer) query. The available documents confirm this vulnerability can yield complete confidentiality, integrity, and availability impact as i...
CVE-2026-3592
CVE-2026-3592 affects BIND resolvers. A specially crafted zone can cause amplified resource consumption, impacting availability (LOW) for various BIND 9 branches (9.11.0–9.16.50, 9.18.0–9.18.48, 9.20.0–9.20.22, 9.21.0–9.21.21, plus S1 variants). Public details confirm the vulnerability and affect...
CVE-2026-3593
A use-after-free vulnerability exists in BIND 9’s DNS-over-HTTPS implementation. Affected: BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1. Not affected: 9.18.0–9.18.48 and 9.18.11-S1–9.18.48-S1. Impact: memory corruption with potential denial of service or code execution (per Red H...
CVE-2026-5947
CVE-2026-5947 describes an undefined behavior due to a race condition in SIG(0) validation during DNS message processing under load. Affected are BIND 9.20.0–9.20.22, 9.21.0–9.21.21, and 9.20.9-S1–9.20.22-S1; versions 9.18.28–9.18.49 and 9.18.28-S1–9.18.49-S1 are not affected. Under a query flood...
CVE-2026-3104
CVE-2026-3104 describes a memory leak in BIND resolver code during DNSSEC non-existence proof preparation caused by processing a specially crafted domain. Affected: BIND 9.20.0–9.20.20, 9.21.0–9.21.19, and 9.20.9-S1–9.20.20-S1. Not affected: 9.18.x series. Impact: memory growth potentially leadin...
CVE-2026-3591
CVE-2026-3591 - Summary A stack use-after-return vulnerability exists in the BIND 9 named server’s SIG(0) handling. A specially crafted DNS request can cause the ACL to mis-match an IP address, potentially bypassing access controls in default-allow ACLs (where all non-denied IPs are allowed). The...
CVE-2026-3119
CVE-2026-3119 affects ISC BIND 9: when processing a correctly signed query containing a TSIG-signed TKEY, named may crash (terminate unexpectedly). Affected versions: 9.20.0–9.20.20, 9.21.0–9.21.19, and 9.20.9-S1–9.20.20-S1. Unaffected: 9.18.0–9.18.46 and 9.18.11-S1–9.18.46-S1. The issue requires...