bind

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A complete, highly portable implementation of the DNS protocol
Version 9.16.6-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1191 9.16.3-1 9.16.4-1 Medium Fixed
AVG-1165 9.16.2-2 9.16.3-1 High Fixed
AVG-1056 9.14.6-1 9.14.7-1 Medium Fixed
AVG-915 9.13.5-5 9.13.7-1 High Fixed
AVG-718 9.13.0-2 9.13.2-1 Medium Fixed
AVG-706 9.12.1-1 9.12.1.P2-1 Medium Fixed
AVG-589 9.11.2-1 9.11.2.P1-1 High Fixed
AVG-335 9.11.1.P1-1 9.11.1.P2-1 High Fixed
AVG-301 9.11.1-1 9.11.1.P1-1 Medium Fixed
AVG-239 9.11.0.P3-4 9.11.1-1 High Fixed
AVG-169 9.11.0.P2-1 9.11.0.P3-1 High Fixed
AVG-132 9.11.0.P1-3 9.11.0.P2-1 High Fixed
AVG-59 9.11.0-2 9.11.0.P1-1 High Fixed
AVG-36 9.10.4.P2-1 9.10.4.P3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2020-8619 AVG-1191 Medium Yes Denial of service
An issue has been found in Bind before 9.16.4, where an asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c. The asterisk...
CVE-2020-8618 AVG-1191 Medium Yes Denial of service
An assertion check in BIND before 9.16.4 (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly...
CVE-2020-8617 AVG-1165 High Yes Denial of service
An error in bind before 9.16.3 in the code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger...
CVE-2020-8616 AVG-1165 High Yes Denial of service
An issue has been found in bind before 9.16.3, which does not sufficiently limit the number of fetches which may be performed while processing a referral...
CVE-2019-6476 AVG-1056 Medium Yes Denial of service
An error in QNAME minimization code can cause bind  before 9.14.7 and 9.15.5 to exit with an assertion failure.
CVE-2019-6475 AVG-1056 Medium Yes Content spoofing
A security issue has been found in Bind before 9.14.7 and 9.15.5, where a mirror zone validity checking can allow zone data to be spoofed.
CVE-2019-6465 AVG-915 Medium Yes Access restriction bypass
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7. A client...
CVE-2018-5745 AVG-915 Medium Yes Denial of service
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in...
CVE-2018-5744 AVG-915 High Yes Denial of service
A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By...
CVE-2018-5738 AVG-718 Medium Yes Access restriction bypass
BIND <= 9.13.0 can improperly permit recursive query service to unauthorized clients. When "recursion yes;" is in effect and no match list values are...
CVE-2018-5737 AVG-706 Medium Yes Denial of service
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
CVE-2018-5736 AVG-706 Medium Yes Denial of service
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several...
CVE-2017-3145 AVG-589 High Yes Denial of service
A use-after-free flaw leading to denial of service was found in the way BIND before 9.11.2.P1, 9.10.6-P1 and 9.9.11-P1 internally handled cleanup operations...
CVE-2017-3143 AVG-335 High Yes Access restriction bypass
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized...
CVE-2017-3142 AVG-335 High Yes Access restriction bypass
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized...
CVE-2017-3140 AVG-301 Medium Yes Denial of service
A security issue has been found the Bind named DNS server < 9.11.1P1, leading to a denial of service. A remote attacker can make a vulnerable server...
CVE-2017-3138 AVG-239 Medium Yes Denial of service
A security issue has been found in the bind named daemon, that will exit with a "require" assertion failure if it receives a null command string on its...
CVE-2017-3137 AVG-239 High Yes Denial of service
A security issue has been found in bind, where a server which is performing recursion can be forced to exit with an assertion failure if it can be caused to...
CVE-2017-3136 AVG-239 Medium Yes Denial of service
A security issue has been found in bind, where an error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;".
CVE-2017-3135 AVG-169 High Yes Denial of service
A vulnerability has been found in bind < 9.11.0-P3, allowing a remote attacker to trigger an INSIST assertion failure or a NULL pointer read in...
CVE-2016-9778 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled certain queries using the nxdomain-redirect feature to cover a zone for which it is also...
CVE-2016-9444 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit...
CVE-2016-9147 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this...
CVE-2016-9131 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit...
CVE-2016-8864 AVG-59 High Yes Denial of service
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or...
CVE-2016-2776 AVG-36 High Yes Denial of service
Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages...

Advisories

Date Advisory Group Severity Description
28 Jun 2020 ASA-202006-13 AVG-1191 Medium denial of service
20 May 2020 ASA-202005-13 AVG-1165 High denial of service
25 Feb 2019 ASA-201902-25 AVG-915 High multiple issues
20 May 2018 ASA-201805-20 AVG-706 Medium denial of service
18 Jan 2018 ASA-201801-16 AVG-589 High denial of service
04 Jul 2017 ASA-201707-3 AVG-335 High access restriction bypass
15 Jun 2017 ASA-201706-18 AVG-301 Medium denial of service
29 Apr 2017 ASA-201704-11 AVG-239 High denial of service
09 Feb 2017 ASA-201702-8 AVG-169 High denial of service
12 Jan 2017 ASA-201701-15 AVG-132 High denial of service
01 Nov 2016 ASA-201611-3 AVG-59 High denial of service
27 Sep 2016 ASA-201609-29 AVG-36 High denial of service