VYPR

Bind

by Isc

Source repositories

CVEs (201)

  • CVE-2026-5950MedMay 20, 2026
    risk 0.34cvss 5.3epss 0.01

    An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9…

  • CVE-2026-3592MedMay 20, 2026
    risk 0.34cvss 5.3epss 0.00

    BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through…

  • CVE-2020-8617May 19, 2020
    risk 0.10cvss epss 0.93

    Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers…

  • CVE-2015-5477Jul 29, 2015
    risk 0.10cvss epss 0.91

    named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

  • CVE-2006-0987Mar 3, 2006
    risk 0.08cvss epss 0.57

    The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification)…

  • CVE-2001-0010Feb 12, 2001
    risk 0.06cvss epss 0.32

    Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

  • CVE-2018-5740Jan 16, 2019
    risk 0.05cvss epss 0.59

    "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the…

  • CVE-2014-8500Dec 11, 2014
    risk 0.05cvss epss 0.66

    ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

  • CVE-2000-0887Dec 19, 2000
    risk 0.05cvss epss 0.23

    named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

  • CVE-2017-3136Jan 16, 2019
    risk 0.04cvss epss 0.11

    A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other…

  • CVE-2017-3135Jan 16, 2019
    risk 0.04cvss epss 0.17

    Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 ->…

  • CVE-2015-8000Dec 16, 2015
    risk 0.04cvss epss 0.55

    db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

  • CVE-2009-0696Jul 29, 2009
    risk 0.04cvss epss 0.13

    The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the…

  • CVE-2007-2930Sep 12, 2007
    risk 0.04cvss epss 0.08

    The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS…

  • CVE-2007-2926Jul 24, 2007
    risk 0.04cvss epss 0.13

    ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache…

  • CVE-2002-1220Nov 29, 2002
    risk 0.04cvss epss 0.10

    BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

  • CVE-2000-1029Dec 11, 2000
    risk 0.04cvss epss 0.14

    Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.

  • CVE-1999-0848Nov 10, 1999
    risk 0.04cvss epss 0.06

    Denial of service in BIND named via consuming more than "fdmax" file descriptors.

  • CVE-1999-0009Apr 8, 1998
    risk 0.04cvss epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-2023-50387Feb 14, 2024
    risk 0.03cvss epss 1.00

    Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with…

Page 3 of 11