Bind@* Security Vulnerabilities and Issues — Bind@* CVE List

Lucene search

IscBind*

8 matches found

CVE•added 2023/09/20 1:15 p.m.•752 views

CVE-2023-3341

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, c...

7.5CVSS7.9AI score0.00211EPSS

CVE•added 2023/01/26 9:15 p.m.•583 views

CVE-2022-3094

Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is...

7.5CVSS7.2AI score0.01034EPSS

CVE•added 2023/06/21 5:15 p.m.•537 views

CVE-2023-2828

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it def...

7.5CVSS8AI score0.00658EPSS

CVE•added 2023/01/26 9:16 p.m.•516 views

CVE-2022-3924

This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients...

7.5CVSS7.5AI score0.0059EPSS

CVE•added 2023/01/26 9:15 p.m.•482 views

CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query.This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-...

7.5CVSS7.5AI score0.01144EPSS

CVE•added 2023/06/21 5:15 p.m.•204 views

CVE-2023-2829

A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record.This issue affects BIND 9 versions 9.16.8-S1 through 9.16...

7.5CVSS7.7AI score0.00072EPSS

CVE•added 2023/09/20 1:15 p.m.•187 views

CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.This issue affects BIND 9 versions 9.18.0 through 9.18.18 an...

7.5CVSS7.5AI score0.0013EPSS

CVE•added 2023/06/21 5:15 p.m.•145 views

CVE-2023-2911

If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow.This issue affects BIND 9 versions ...

7.5CVSS7.6AI score0.0014EPSS