VYPR

rpm package

opensuse/bind&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/bind&distro=openSUSE%20Tumbleweed

Vulnerabilities (109)

  • CVE-2023-5517 (Feb 13, 2024)
    affected < 9.18.24-1.1, fixed 9.18.24-1.1

    A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when `nxdomain-redirect ;` is configured and the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response

  • CVE-2023-4408 (Feb 13, 2024)
    affected < 9.18.24-1.1, fixed 9.18.24-1.1

    The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. T

  • CVE-2023-4236 (Sep 20, 2023)
    affected < 9.18.19-1.1, fixed 9.18.19-1.1

    A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.1

  • CVE-2023-3341 (Sep 20, 2023)
    affected < 9.18.19-1.1, fixed 9.18.19-1.1

    The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of avai

  • CVE-2023-2911 (Jun 21, 2023)
    affected < 9.18.16-1.1, fixed 9.18.16-1.1

    If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This is

  • CVE-2023-2828 (Jun 21, 2023)
    affected < 9.18.16-1.1, fixed 9.18.16-1.1

    Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the con

  • CVE-2022-3924 (Jan 25, 2023)
    affected < 9.18.11-1.1, fixed 9.18.11-1.1

    This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase

  • CVE-2022-3736 (Jan 25, 2023)
    affected < 9.18.11-1.1, fixed 9.18.11-1.1

    BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 throug

  • CVE-2022-3094 (Jan 25, 2023)
    affected < 9.18.11-1.1, fixed 9.18.11-1.1

    Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access p

  • CVE-2022-3080 (Sep 21, 2022)
    affected < 9.18.7-1.1, fixed 9.18.7-1.1

    By sending specific queries to the resolver, an attacker can cause named to crash.

  • CVE-2022-38178 (Sep 21, 2022)
    affected < 9.18.7-1.1, fixed 9.18.7-1.1

    By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

  • CVE-2022-2906 (Sep 21, 2022)
    affected < 9.18.7-1.1, fixed 9.18.7-1.1

    An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

  • CVE-2022-2881 (Sep 21, 2022)
    affected < 9.18.7-1.1, fixed 9.18.7-1.1

    The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

  • CVE-2022-2795 (Sep 21, 2022)
    affected < 9.18.7-1.1, fixed 9.18.7-1.1

    By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

  • CVE-2022-1183 (May 19, 2022)
    affected < 9.18.3-1.1, fixed 9.18.3-1.1

    On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS

  • CVE-2021-25220 (Mar 23, 2022)
    affected < 9.18.2-1.1, fixed 9.18.2-1.1

    BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have

  • CVE-2022-0635 (Mar 23, 2022)
    affected < 9.18.2-1.1, fixed 9.18.2-1.1

    Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

  • CVE-2022-0396 (Mar 23, 2022)
    affected < 9.18.2-1.1, fixed 9.18.2-1.1

    BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has termina

  • CVE-2022-0667 (Mar 22, 2022)
    affected < 9.18.2-1.1, fixed 9.18.2-1.1

    When the vulnerability is triggered the BIND process will exit. BIND 9.18.0

  • CVE-2021-25219 (Oct 27, 2021)
    affected < 9.16.20-3.1, fixed 9.16.20-3.1

    In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a

Page 2 of 6