rpm package
suse/bind&distro=SUSE Linux Enterprise Module for Server Applications 15 SP4
pkg:rpm/suse/bind&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3341 | — | < 9.16.44-150400.5.37.2 | 9.16.44-150400.5.37.2 | Sep 20, 2023 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of avai | ||
| CVE-2023-2911 | — | < 9.16.42-150400.5.27.1 | 9.16.42-150400.5.27.1 | Jun 21, 2023 | If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This is | ||
| CVE-2023-2828 | — | < 9.16.42-150400.5.27.1 | 9.16.42-150400.5.27.1 | Jun 21, 2023 | Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the con | ||
| CVE-2022-3924 | — | < 9.16.37-150400.5.17.1 | 9.16.37-150400.5.17.1 | Jan 25, 2023 | This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase | ||
| CVE-2022-3736 | — | < 9.16.37-150400.5.17.1 | 9.16.37-150400.5.17.1 | Jan 25, 2023 | BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 throug | ||
| CVE-2022-3094 | — | < 9.16.37-150400.5.17.1 | 9.16.37-150400.5.17.1 | Jan 25, 2023 | Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access p | ||
| CVE-2022-3080 | — | < 9.16.33-150400.5.11.1 | 9.16.33-150400.5.11.1 | Sep 21, 2022 | By sending specific queries to the resolver, an attacker can cause named to crash. | ||
| CVE-2022-38178 | — | < 9.16.33-150400.5.11.1 | 9.16.33-150400.5.11.1 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-38177 | — | < 9.16.33-150400.5.11.1 | 9.16.33-150400.5.11.1 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||
| CVE-2022-2795 | — | < 9.16.33-150400.5.11.1 | 9.16.33-150400.5.11.1 | Sep 21, 2022 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | ||
| CVE-2021-25220 | — | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have | ||
| CVE-2022-0396 | — | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Mar 23, 2022 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has termina | ||
| CVE-2021-25219 | — | < 9.16.31-150400.5.6.1 | 9.16.31-150400.5.6.1 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a |
- CVE-2023-3341Sep 20, 2023affected < 9.16.44-150400.5.37.2fixed 9.16.44-150400.5.37.2
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of avai
- CVE-2023-2911Jun 21, 2023affected < 9.16.42-150400.5.27.1fixed 9.16.42-150400.5.27.1
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This is
- CVE-2023-2828Jun 21, 2023affected < 9.16.42-150400.5.27.1fixed 9.16.42-150400.5.27.1
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the con
- CVE-2022-3924Jan 25, 2023affected < 9.16.37-150400.5.17.1fixed 9.16.37-150400.5.17.1
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase
- CVE-2022-3736Jan 25, 2023affected < 9.16.37-150400.5.17.1fixed 9.16.37-150400.5.17.1
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 throug
- CVE-2022-3094Jan 25, 2023affected < 9.16.37-150400.5.17.1fixed 9.16.37-150400.5.17.1
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access p
- CVE-2022-3080Sep 21, 2022affected < 9.16.33-150400.5.11.1fixed 9.16.33-150400.5.11.1
By sending specific queries to the resolver, an attacker can cause named to crash.
- CVE-2022-38178Sep 21, 2022affected < 9.16.33-150400.5.11.1fixed 9.16.33-150400.5.11.1
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-38177Sep 21, 2022affected < 9.16.33-150400.5.11.1fixed 9.16.33-150400.5.11.1
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-2795Sep 21, 2022affected < 9.16.33-150400.5.11.1fixed 9.16.33-150400.5.11.1
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2021-25220Mar 23, 2022affected < 9.16.31-150400.5.6.1fixed 9.16.31-150400.5.6.1
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have
- CVE-2022-0396Mar 23, 2022affected < 9.16.31-150400.5.6.1fixed 9.16.31-150400.5.6.1
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has termina
- CVE-2021-25219Oct 27, 2021affected < 9.16.31-150400.5.6.1fixed 9.16.31-150400.5.6.1
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a