Vendor CVEs
Isc
All CVEs
270 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0034 | 0.01 | — | 0.06 | May 2, 2005 | An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | |||
| CVE-2004-1006 | 0.01 | — | 0.08 | Mar 1, 2005 | Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. | |||
| CVE-2004-0461 | 0.01 | — | 0.17 | Aug 6, 2004 | The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that… | |||
| CVE-2004-0045 | 0.01 | — | 0.09 | Feb 3, 2004 | Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. | |||
| CVE-2003-0039 | 0.01 | — | 0.08 | Feb 7, 2003 | ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. | |||
| CVE-2002-2211 | 0.01 | — | 0.08 | Dec 31, 2002 | BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases… | |||
| CVE-2002-1219 | 0.01 | — | 0.12 | Nov 29, 2002 | Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | |||
| CVE-2002-1221 | 0.01 | — | 0.08 | Nov 29, 2002 | BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | |||
| CVE-2002-0029 | 0.01 | — | 0.10 | Nov 29, 2002 | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)… | |||
| CVE-2002-0651 | 0.01 | — | 0.13 | Jul 3, 2002 | Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. | |||
| CVE-2002-0400 | 0.01 | — | 0.14 | Jun 18, 2002 | ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka… | |||
| CVE-2001-0013 | 0.01 | — | 0.11 | Feb 12, 2001 | Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. | |||
| CVE-2001-0011 | 0.01 | — | 0.08 | Feb 12, 2001 | Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. | |||
| CVE-2000-0888 | 0.01 | — | 0.08 | Dec 19, 2000 | named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." | |||
| CVE-2000-0585 | 0.01 | — | 0.07 | Jun 24, 2000 | ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. | |||
| CVE-2026-3608 | 0.00 | — | 0.01 | Mar 25, 2026 | Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and… | |||
| CVE-2024-28872 | 0.00 | — | 0.00 | Jul 11, 2024 | The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service… | |||
| CVE-2023-6516 | 0.00 | — | 0.01 | Feb 13, 2024 | To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first… | |||
| CVE-2023-5680 | 0.00 | — | 0.01 | Feb 13, 2024 | If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through… | |||
| CVE-2023-5679 | 0.00 | — | 0.01 | Feb 13, 2024 | A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19,… | |||
| CVE-2023-5517 | 0.00 | — | 0.01 | Feb 13, 2024 | A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN… | |||
| CVE-2023-4408 | 0.00 | — | 0.01 | Feb 13, 2024 | The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw.… | |||
| CVE-2023-4236 | 0.00 | — | 0.02 | Sep 20, 2023 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions… | |||
| CVE-2023-3341 | 0.00 | — | 0.03 | Sep 20, 2023 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of… | |||
| CVE-2023-2911 | 0.00 | — | 0.03 | Jun 21, 2023 | If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This… | |||
| CVE-2023-2829 | 0.00 | — | 0.01 | Jun 21, 2023 | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9… | |||
| CVE-2023-2828 | 0.00 | — | 0.04 | Jun 21, 2023 | Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the… | |||
| CVE-2022-3924 | 0.00 | — | 0.16 | Jan 25, 2023 | This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase… | |||
| CVE-2022-3736 | 0.00 | — | 0.50 | Jan 25, 2023 | BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0… | |||
| CVE-2022-3094 | 0.00 | — | 0.13 | Jan 25, 2023 | Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access… | |||
| CVE-2022-37980 | 0.00 | — | 0.01 | Oct 11, 2022 | Windows DHCP Client Elevation of Privilege Vulnerability | |||
| CVE-2022-2929 | 0.00 | — | 0.01 | Oct 7, 2022 | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | |||
| CVE-2022-2928 | 0.00 | — | 0.01 | Oct 7, 2022 | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount… | |||
| CVE-2022-3080 | 0.00 | — | 0.01 | Sep 21, 2022 | By sending specific queries to the resolver, an attacker can cause named to crash. | |||
| CVE-2022-38178 | 0.00 | — | 0.02 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||
| CVE-2022-38177 | 0.00 | — | 0.02 | Sep 21, 2022 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||
| CVE-2022-2906 | 0.00 | — | 0.02 | Sep 21, 2022 | An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | |||
| CVE-2022-2881 | 0.00 | — | 0.01 | Sep 21, 2022 | The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | |||
| CVE-2022-2795 | 0.00 | — | 0.01 | Sep 21, 2022 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | |||
| CVE-2022-1183 | 0.00 | — | 0.05 | May 19, 2022 | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and… | |||
| CVE-2021-25220 | 0.00 | — | 0.03 | Mar 23, 2022 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but… | |||
| CVE-2022-0635 | 0.00 | — | 0.01 | Mar 23, 2022 | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | |||
| CVE-2022-0396 | 0.00 | — | 0.03 | Mar 23, 2022 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has… | |||
| CVE-2022-0667 | 0.00 | — | 0.01 | Mar 22, 2022 | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | |||
| CVE-2021-25219 | 0.00 | — | 0.08 | Oct 27, 2021 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a… | |||
| CVE-2021-25218 | 0.00 | — | 0.04 | Aug 18, 2021 | In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND… | |||
| CVE-2021-31998 | 0.00 | — | 0.00 | Jun 10, 2021 | A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux… | |||
| CVE-2021-25217 | 0.00 | — | 0.06 | May 26, 2021 | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the… | |||
| CVE-2021-25215 | 0.00 | — | 0.11 | Apr 29, 2021 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a… | |||
| CVE-2021-25214 | 0.00 | — | 0.06 | Apr 29, 2021 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of… |
- CVE-2005-0034May 2, 2005risk 0.01cvss —epss 0.06
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
- CVE-2004-1006Mar 1, 2005risk 0.01cvss —epss 0.08
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
- CVE-2004-0461Aug 6, 2004risk 0.01cvss —epss 0.17
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that…
- CVE-2004-0045Feb 3, 2004risk 0.01cvss —epss 0.09
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
- CVE-2003-0039Feb 7, 2003risk 0.01cvss —epss 0.08
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
- CVE-2002-2211Dec 31, 2002risk 0.01cvss —epss 0.08
BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases…
- CVE-2002-1219Nov 29, 2002risk 0.01cvss —epss 0.12
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
- CVE-2002-1221Nov 29, 2002risk 0.01cvss —epss 0.08
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
- CVE-2002-0029Nov 29, 2002risk 0.01cvss —epss 0.10
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2)…
- CVE-2002-0651Jul 3, 2002risk 0.01cvss —epss 0.13
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
- CVE-2002-0400Jun 18, 2002risk 0.01cvss —epss 0.14
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka…
- CVE-2001-0013Feb 12, 2001risk 0.01cvss —epss 0.11
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
- CVE-2001-0011Feb 12, 2001risk 0.01cvss —epss 0.08
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
- CVE-2000-0888Dec 19, 2000risk 0.01cvss —epss 0.08
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
- CVE-2000-0585Jun 24, 2000risk 0.01cvss —epss 0.07
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
- CVE-2026-3608Mar 25, 2026risk 0.00cvss —epss 0.01
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and…
- CVE-2024-28872Jul 11, 2024risk 0.00cvss —epss 0.00
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service…
- CVE-2023-6516Feb 13, 2024risk 0.00cvss —epss 0.01
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first…
- CVE-2023-5680Feb 13, 2024risk 0.00cvss —epss 0.01
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through…
- CVE-2023-5679Feb 13, 2024risk 0.00cvss —epss 0.01
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19,…
- CVE-2023-5517Feb 13, 2024risk 0.00cvss —epss 0.01
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect ;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN…
- CVE-2023-4408Feb 13, 2024risk 0.00cvss —epss 0.01
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw.…
- CVE-2023-4236Sep 20, 2023risk 0.00cvss —epss 0.02
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions…
- CVE-2023-3341Sep 20, 2023risk 0.00cvss —epss 0.03
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of…
- CVE-2023-2911Jun 21, 2023risk 0.00cvss —epss 0.03
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This…
- CVE-2023-2829Jun 21, 2023risk 0.00cvss —epss 0.01
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9…
- CVE-2023-2828Jun 21, 2023risk 0.00cvss —epss 0.04
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the…
- CVE-2022-3924Jan 25, 2023risk 0.00cvss —epss 0.16
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase…
- CVE-2022-3736Jan 25, 2023risk 0.00cvss —epss 0.50
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0…
- CVE-2022-3094Jan 25, 2023risk 0.00cvss —epss 0.13
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access…
- CVE-2022-37980Oct 11, 2022risk 0.00cvss —epss 0.01
Windows DHCP Client Elevation of Privilege Vulnerability
- CVE-2022-2929Oct 7, 2022risk 0.00cvss —epss 0.01
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
- CVE-2022-2928Oct 7, 2022risk 0.00cvss —epss 0.01
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount…
- CVE-2022-3080Sep 21, 2022risk 0.00cvss —epss 0.01
By sending specific queries to the resolver, an attacker can cause named to crash.
- CVE-2022-38178Sep 21, 2022risk 0.00cvss —epss 0.02
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-38177Sep 21, 2022risk 0.00cvss —epss 0.02
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
- CVE-2022-2906Sep 21, 2022risk 0.00cvss —epss 0.02
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
- CVE-2022-2881Sep 21, 2022risk 0.00cvss —epss 0.01
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
- CVE-2022-2795Sep 21, 2022risk 0.00cvss —epss 0.01
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
- CVE-2022-1183May 19, 2022risk 0.00cvss —epss 0.05
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and…
- CVE-2021-25220Mar 23, 2022risk 0.00cvss —epss 0.03
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but…
- CVE-2022-0635Mar 23, 2022risk 0.00cvss —epss 0.01
Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.
- CVE-2022-0396Mar 23, 2022risk 0.00cvss —epss 0.03
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has…
- CVE-2022-0667Mar 22, 2022risk 0.00cvss —epss 0.01
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
- CVE-2021-25219Oct 27, 2021risk 0.00cvss —epss 0.08
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a…
- CVE-2021-25218Aug 18, 2021risk 0.00cvss —epss 0.04
In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND…
- CVE-2021-31998Jun 10, 2021risk 0.00cvss —epss 0.00
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux…
- CVE-2021-25217May 26, 2021risk 0.00cvss —epss 0.06
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the…
- CVE-2021-25215Apr 29, 2021risk 0.00cvss —epss 0.11
In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a…
- CVE-2021-25214Apr 29, 2021risk 0.00cvss —epss 0.06
In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of…
Page 4 of 6