Bind
by Isc
Source repositories
CVEs (201)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3080 | 0.00 | — | 0.01 | Sep 21, 2022 | By sending specific queries to the resolver, an attacker can cause named to crash. | |||
| CVE-2022-38178 | 0.00 | — | 0.02 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||
| CVE-2022-38177 | 0.00 | — | 0.02 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||
| CVE-2022-2906 | 0.00 | — | 0.02 | Sep 21, 2022 | An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | |||
| CVE-2022-2881 | 0.00 | — | 0.01 | Sep 21, 2022 | The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | |||
| CVE-2022-2795 | 0.00 | — | 0.01 | Sep 21, 2022 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | |||
| CVE-2022-1183 | 0.00 | — | 0.05 | May 19, 2022 | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and… | |||
| CVE-2021-25220 | 0.00 | — | 0.03 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but… | |||
| CVE-2022-0635 | 0.00 | — | 0.01 | Mar 23, 2022 | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||
| CVE-2022-0396 | 0.00 | — | 0.03 | Mar 23, 2022 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has… | |||
| CVE-2022-0667 | 0.00 | — | 0.01 | Mar 22, 2022 | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |||
| CVE-2021-25219 | 0.00 | — | 0.08 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a… | |||
| CVE-2021-25218 | 0.00 | — | 0.04 | Aug 18, 2021 | In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND… | |||
| CVE-2021-25215 | 0.00 | — | 0.11 | Apr 29, 2021 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a… | |||
| CVE-2021-25214 | 0.00 | — | 0.06 | Apr 29, 2021 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of… | |||
| CVE-2020-8624 | 0.00 | — | 0.04 | Aug 21, 2020 | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the… | |||
| CVE-2020-8622 | 0.00 | — | 0.06 | Aug 21, 2020 | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated… | |||
| CVE-2020-8621 | 0.00 | — | 0.03 | Aug 21, 2020 | In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not… | |||
| CVE-2020-8618 | 0.00 | — | 0.02 | Jun 17, 2020 | An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. | |||
| CVE-2019-6477 | 0.00 | — | 0.04 | Nov 26, 2019 | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been… |
- CVE-2022-3080Sep 21, 2022risk 0.00cvss —epss 0.01
By sending specific queries to the resolver, an attacker can cause named to crash.
- CVE-2022-38178Sep 21, 2022risk 0.00cvss —epss 0.02
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-38177Sep 21, 2022risk 0.00cvss —epss 0.02
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-2906Sep 21, 2022risk 0.00cvss —epss 0.02
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
- CVE-2022-2881Sep 21, 2022risk 0.00cvss —epss 0.01
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
- CVE-2022-2795Sep 21, 2022risk 0.00cvss —epss 0.01
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2022-1183May 19, 2022risk 0.00cvss —epss 0.05
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and…
- CVE-2021-25220Mar 23, 2022risk 0.00cvss —epss 0.03
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but…
- CVE-2022-0635Mar 23, 2022risk 0.00cvss —epss 0.01
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
- CVE-2022-0396Mar 23, 2022risk 0.00cvss —epss 0.03
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has…
- CVE-2022-0667Mar 22, 2022risk 0.00cvss —epss 0.01
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
- CVE-2021-25219Oct 27, 2021risk 0.00cvss —epss 0.08
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a…
- CVE-2021-25218Aug 18, 2021risk 0.00cvss —epss 0.04
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND…
- CVE-2021-25215Apr 29, 2021risk 0.00cvss —epss 0.11
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a…
- CVE-2021-25214Apr 29, 2021risk 0.00cvss —epss 0.06
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of…
- CVE-2020-8624Aug 21, 2020risk 0.00cvss —epss 0.04
In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the…
- CVE-2020-8622Aug 21, 2020risk 0.00cvss —epss 0.06
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated…
- CVE-2020-8621Aug 21, 2020risk 0.00cvss —epss 0.03
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not…
- CVE-2020-8618Jun 17, 2020risk 0.00cvss —epss 0.02
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.
- CVE-2019-6477Nov 26, 2019risk 0.00cvss —epss 0.04
With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been…
Page 8 of 11