Max CVSS | 8.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-3145 | 5.0 |
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
|
21-06-2023 - 18:19 | 16-01-2019 - 20:29 | |
CVE-2020-8624 | 4.0 |
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to ch
|
10-02-2023 - 17:42 | 21-08-2020 - 21:15 | |
CVE-2012-4244 | 7.8 |
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource re
|
09-12-2022 - 19:15 | 14-09-2012 - 10:33 | |
CVE-2020-8617 | 4.3 |
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local se
|
09-09-2022 - 17:47 | 19-05-2020 - 14:15 | |
CVE-2018-5740 | 5.0 |
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feat
|
12-04-2022 - 18:34 | 16-01-2019 - 20:29 | |
CVE-2020-8622 | 4.0 |
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed re
|
02-12-2021 - 22:19 | 21-08-2020 - 21:15 | |
CVE-2019-6471 | 4.3 |
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the
|
21-07-2021 - 11:39 | 09-10-2019 - 16:15 | |
CVE-2017-3139 | 5.0 |
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
|
14-05-2021 - 20:35 | 09-04-2019 - 18:29 | |
CVE-2019-6477 | 5.0 |
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resourc
|
20-10-2020 - 12:15 | 26-11-2019 - 16:15 | |
CVE-2018-5741 | 4.0 |
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client,
|
20-10-2020 - 12:15 | 16-01-2019 - 20:29 | |
CVE-2016-2775 | 4.3 |
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
|
25-08-2020 - 20:18 | 19-07-2016 - 22:59 | |
CVE-2016-8864 | 5.0 |
named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive
|
17-08-2020 - 17:44 | 02-11-2016 - 17:59 | |
CVE-2015-8000 | 5.0 |
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
|
27-12-2019 - 16:08 | 16-12-2015 - 15:59 | |
CVE-2016-2776 | 7.8 |
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted
|
27-12-2019 - 16:08 | 28-09-2016 - 10:59 | |
CVE-2018-5743 | 4.3 |
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the co
|
18-12-2019 - 18:15 | 09-10-2019 - 16:15 | |
CVE-2019-6465 | 4.3 |
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9
|
16-12-2019 - 16:57 | 09-10-2019 - 16:15 | |
CVE-2018-5742 | 4.3 |
While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other
|
07-11-2019 - 18:33 | 30-10-2019 - 14:15 | |
CVE-2017-3137 | 5.0 |
Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which record
|
09-10-2019 - 23:27 | 16-01-2019 - 20:29 | |
CVE-2017-3135 | 4.3 |
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3
|
09-10-2019 - 23:27 | 16-01-2019 - 20:29 | |
CVE-2011-1910 | 5.0 |
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative
|
09-10-2019 - 23:02 | 31-05-2011 - 20:55 | |
CVE-2017-3143 | 4.3 |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
|
03-10-2019 - 00:03 | 16-01-2019 - 20:29 | |
CVE-2013-4854 | 7.8 |
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertio
|
22-04-2019 - 17:48 | 29-07-2013 - 13:59 | |
CVE-2012-5688 | 7.8 |
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
|
06-12-2018 - 19:14 | 06-12-2012 - 11:45 | |
CVE-2015-8704 | 6.8 |
apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.
|
30-10-2018 - 16:27 | 20-01-2016 - 15:59 | |
CVE-2015-4620 | 7.8 |
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon ex
|
30-10-2018 - 16:27 | 08-07-2015 - 14:59 | |
CVE-2012-3817 | 7.8 |
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote atta
|
30-10-2018 - 16:27 | 25-07-2012 - 10:42 | |
CVE-2013-2266 | 7.8 |
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as
|
30-10-2018 - 16:27 | 28-03-2013 - 16:55 | |
CVE-2011-2464 | 5.0 |
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
|
30-10-2018 - 16:27 | 08-07-2011 - 20:55 | |
CVE-2015-1349 | 5.4 |
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon cra
|
30-10-2018 - 16:27 | 19-02-2015 - 03:01 | |
CVE-2014-0591 | 2.6 |
The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemo
|
30-10-2018 - 16:27 | 14-01-2014 - 04:29 | |
CVE-2010-3614 | 6.4 |
named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attacke
|
10-10-2018 - 20:04 | 06-12-2010 - 13:44 | |
CVE-2016-9444 | 5.0 |
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
|
27-09-2018 - 10:29 | 12-01-2017 - 06:59 | |
CVE-2016-9147 | 5.0 |
named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.
|
27-09-2018 - 10:29 | 12-01-2017 - 06:59 | |
CVE-2016-2848 | 5.0 |
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
|
27-09-2018 - 10:29 | 21-10-2016 - 10:59 | |
CVE-2012-1667 | 8.5 |
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of
|
18-01-2018 - 02:29 | 05-06-2012 - 16:55 | |
CVE-2011-4313 | 5.0 |
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named e
|
06-01-2018 - 02:29 | 29-11-2011 - 17:55 | |
CVE-2016-1286 | 5.0 |
named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.
|
21-11-2017 - 02:29 | 09-03-2016 - 23:59 | |
CVE-2015-5477 | 7.8 |
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
|
10-11-2017 - 02:29 | 29-07-2015 - 14:59 | |
CVE-2012-5166 | 7.8 |
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
|
19-09-2017 - 01:35 | 10-10-2012 - 21:55 | |
CVE-2014-8500 | 7.8 |
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referra
|
03-01-2017 - 02:59 | 11-12-2014 - 02:59 | |
CVE-2015-5722 | 7.8 |
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name
|
31-12-2016 - 02:59 | 05-09-2015 - 02:59 | |
CVE-2012-5689 | 7.1 |
ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemo
|
19-08-2016 - 18:31 | 25-01-2013 - 12:00 |