Filtered by vendor Isc
Subscriptions
Filtered by product Bind
Subscriptions
Total
179 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3341 | 4 Debian, Fedoraproject, Isc and 1 more | 9 Debian Linux, Fedora, Bind and 6 more | 2025-12-02 | 7.5 High |
| The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | ||||
| CVE-2025-40777 | 1 Isc | 1 Bind | 2025-11-04 | 7.5 High |
| If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1. | ||||
| CVE-2023-50387 | 8 Fedoraproject, Isc, Microsoft and 5 more | 18 Fedora, Bind, Windows Server 2008 and 15 more | 2025-11-04 | 7.5 High |
| Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | ||||
| CVE-2025-40776 | 1 Isc | 1 Bind | 2025-07-22 | 8.6 High |
| A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1. | ||||
| CVE-2022-38178 | 5 Debian, Fedoraproject, Isc and 2 more | 8 Debian Linux, Fedora, Bind and 5 more | 2025-05-28 | 7.5 High |
| By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||||
| CVE-2022-38177 | 5 Debian, Fedoraproject, Isc and 2 more | 8 Debian Linux, Fedora, Bind and 5 more | 2025-05-28 | 7.5 High |
| By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | ||||
| CVE-2022-2906 | 1 Isc | 1 Bind | 2025-05-28 | 7.5 High |
| An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | ||||
| CVE-2022-2881 | 1 Isc | 1 Bind | 2025-05-28 | 5.5 Medium |
| The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | ||||
| CVE-2016-9131 | 4 Debian, Isc, Netapp and 1 more | 14 Debian Linux, Bind, Data Ontap Edge and 11 more | 2025-04-20 | 7.5 High |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. | ||||
| CVE-2016-9444 | 2 Isc, Redhat | 3 Bind, Enterprise Linux, Rhel Eus | 2025-04-20 | N/A |
| named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. | ||||
| CVE-2016-9147 | 2 Isc, Redhat | 6 Bind, Enterprise Linux, Rhel Aus and 3 more | 2025-04-20 | N/A |
| named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets. | ||||
| CVE-2014-3859 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv. | ||||
| CVE-2014-8500 | 2 Isc, Redhat | 3 Bind, Enterprise Linux, Rhel Aus | 2025-04-12 | N/A |
| ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. | ||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | ||||
| CVE-2016-1284 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query. | ||||
| CVE-2014-3214 | 1 Isc | 1 Bind | 2025-04-12 | N/A |
| The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | ||||
| CVE-2016-2775 | 4 Fedoraproject, Hp, Isc and 1 more | 11 Fedora, Hp-ux, Bind and 8 more | 2025-04-12 | 5.9 Medium |
| ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | ||||
| CVE-2015-1349 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2025-04-12 | N/A |
| named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. | ||||
| CVE-2015-5722 | 3 Apple, Isc, Redhat | 5 Mac Os X Server, Bind, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | ||||
| CVE-2015-5477 | 2 Isc, Redhat | 4 Bind, Enterprise Linux, Rhel Aus and 1 more | 2025-04-12 | N/A |
| named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. | ||||