Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2017-3145 | 5.0 |
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to
|
21-06-2023 - 18:19 | 16-01-2019 - 20:29 | |
CVE-2020-8617 | 4.3 |
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local se
|
09-09-2022 - 17:47 | 19-05-2020 - 14:15 | |
CVE-2020-8616 | 5.0 |
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of
|
20-10-2020 - 12:15 | 19-05-2020 - 14:15 | |
CVE-2016-2775 | 4.3 |
ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight reso
|
25-08-2020 - 20:18 | 19-07-2016 - 22:59 | |
CVE-2017-3143 | 4.3 |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. A
|
03-10-2019 - 00:03 | 16-01-2019 - 20:29 | |
CVE-2017-3142 | 4.3 |
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server tha
|
30-08-2019 - 17:15 | 16-01-2019 - 20:29 |