Lucene search

K
IscBind

43 matches found

CVE
CVE
added 2006/03/03 11:2 a.m.13465 views

CVE-2006-0987

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with...

5CVSS9.1AI score0.27831EPSS
CVE
CVE
added 2021/10/27 9:15 p.m.697 views

CVE-2021-25219

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw...

5.3CVSS5.8AI score0.00518EPSS
CVE
CVE
added 2022/09/21 11:15 a.m.663 views

CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

5.3CVSS6.5AI score0.00375EPSS
CVE
CVE
added 2019/10/09 4:15 p.m.485 views

CVE-2019-6465

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9...

5.3CVSS6.3AI score0.00602EPSS
CVE
CVE
added 2014/05/09 1:55 a.m.481 views

CVE-2014-3214

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.

5CVSS8.8AI score0.11256EPSS
CVE
CVE
added 2016/07/19 10:59 p.m.444 views

CVE-2016-2775

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

5.9CVSS5.7AI score0.34225EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.439 views

CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with ...

5.3CVSS6.2AI score0.05228EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.434 views

CVE-2017-3136

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were m...

5.9CVSS6.8AI score0.38166EPSS
CVE
CVE
added 2015/12/16 3:59 p.m.430 views

CVE-2015-8000

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

5CVSS6.7AI score0.54087EPSS
CVE
CVE
added 2010/12/06 1:44 p.m.391 views

CVE-2010-3615

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

5CVSS9.1AI score0.09151EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.370 views

CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs.

5CVSS6.7AI score0.01325EPSS
CVE
CVE
added 2015/02/19 3:1 a.m.364 views

CVE-2015-1349

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor manag...

5.4CVSS8.2AI score0.27043EPSS
CVE
CVE
added 2019/10/09 4:15 p.m.360 views

CVE-2019-6471

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version...

5.9CVSS5.8AI score0.01639EPSS
CVE
CVE
added 2022/03/23 11:15 a.m.309 views

CVE-2022-0396

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the co...

5.3CVSS5.9AI score0.0001EPSS
CVE
CVE
added 2024/02/13 2:15 p.m.245 views

CVE-2023-5680

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1...

5.3CVSS5AI score0.0009EPSS
CVE
CVE
added 2012/02/08 8:55 p.m.216 views

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

5CVSS8.1AI score0.00985EPSS
CVE
CVE
added 2011/05/31 8:55 p.m.206 views

CVE-2011-1910

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

5CVSS8.1AI score0.3401EPSS
CVE
CVE
added 2011/11/29 5:55 p.m.197 views

CVE-2011-4313

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS...

5CVSS8AI score0.26111EPSS
CVE
CVE
added 2011/05/09 10:55 p.m.132 views

CVE-2011-1907

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

5CVSS8.1AI score0.22514EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.122 views

CVE-2018-5736

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable se...

5.3CVSS5.7AI score0.44156EPSS
CVE
CVE
added 2011/07/08 8:55 p.m.97 views

CVE-2011-2464

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.

5CVSS8AI score0.33142EPSS
CVE
CVE
added 2019/01/16 8:29 p.m.92 views

CVE-2017-3140

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

5.9CVSS4.9AI score0.20397EPSS
CVE
CVE
added 2019/11/05 7:15 p.m.86 views

CVE-2013-5661

Cache Poisoning issue exists in DNS Response Rate Limiting.

5.9CVSS5.7AI score0.01066EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.81 views

CVE-2002-1220

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

5CVSS6.3AI score0.19177EPSS
CVE
CVE
added 1999/09/29 4:0 a.m.75 views

CVE-1999-0010

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

5CVSS6.8AI score0.02EPSS
CVE
CVE
added 2007/07/24 5:30 p.m.73 views

CVE-2007-2925

The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

5.8CVSS8.4AI score0.03209EPSS
CVE
CVE
added 2006/09/06 12:4 a.m.70 views

CVE-2006-4096

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

5CVSS7.2AI score0.24501EPSS
CVE
CVE
added 2010/10/05 10:0 p.m.67 views

CVE-2010-0218

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.

5CVSS6.1AI score0.02115EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.64 views

CVE-2002-1221

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

5CVSS6.2AI score0.03661EPSS
CVE
CVE
added 2014/06/13 11:19 a.m.62 views

CVE-2014-3859

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.

5CVSS7.2AI score0.29819EPSS
CVE
CVE
added 2006/05/23 4:0 p.m.61 views

CVE-2002-2212

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed response...

5CVSS6.8AI score0.02585EPSS
CVE
CVE
added 2006/05/23 4:0 p.m.58 views

CVE-2002-2211

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of su...

5CVSS6.7AI score0.03336EPSS
CVE
CVE
added 2014/12/11 2:59 a.m.57 views

CVE-2014-8680

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

5.4CVSS6.5AI score0.0304EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.55 views

CVE-1999-0848

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

5CVSS6.6AI score0.10156EPSS
CVE
CVE
added 2006/04/27 10:2 p.m.54 views

CVE-2006-2073

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

5CVSS7.2AI score0.06776EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.52 views

CVE-2002-0400

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.

5CVSS6.4AI score0.27728EPSS
CVE
CVE
added 2000/01/04 5:0 a.m.50 views

CVE-1999-0849

Denial of service in BIND named via maxdname.

5CVSS6.6AI score0.01854EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.45 views

CVE-2000-0888

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

5CVSS6.6AI score0.15771EPSS
CVE
CVE
added 2001/05/07 4:0 a.m.43 views

CVE-2001-0012

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

5CVSS6.2AI score0.20024EPSS
CVE
CVE
added 2001/01/22 5:0 a.m.42 views

CVE-2000-0887

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

5CVSS6.6AI score0.173EPSS
CVE
CVE
added 2006/05/23 4:0 p.m.42 views

CVE-2002-2213

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed respo...

5CVSS6.8AI score0.02585EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.39 views

CVE-2005-0033

Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.

5CVSS6.8AI score0.32012EPSS
CVE
CVE
added 2016/02/04 11:59 a.m.34 views

CVE-2016-1284

rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.

5.9CVSS5.6AI score0.09482EPSS