VYPR

Bind9

by Isc

CVEs (8)

  • CVE-2025-40780 (High, Oct 22, 2025)
    risk 0.56, cvss 8.6, epss 0.00

    In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39,…

  • CVE-2024-0760 (High, Jul 23, 2024)
    risk 0.50, cvss 7.5, epss 0.05

    A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through…

  • CVE-2026-5947 (High, May 20, 2026)
    risk 0.49, cvss 7.5, epss 0.01

    Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would…

  • CVE-2026-5946 (High, May 20, 2026)
    risk 0.49, cvss 7.5, epss 0.02

    Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests…

  • CVE-2026-3039 (High, May 20, 2026)
    risk 0.49, cvss 7.5, epss 0.01

    BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS…

  • CVE-2026-3593 (High, May 20, 2026)
    risk 0.48, cvss 7.4, epss 0.02

    A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT…

  • CVE-2026-5950 (Medium, May 20, 2026)
    risk 0.34, cvss 5.3, epss 0.01

    An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9…

  • CVE-2026-3592 (Medium, May 20, 2026)
    risk 0.34, cvss 5.3, epss 0.00

    BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through…