bind

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A complete, highly portable implementation of the DNS protocol
Version 9.16.21-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2303 9.16.19-1 9.16.20-1 Medium Fixed
AVG-1890 9.16.13-1 9.16.15-1 High Fixed
AVG-1589 9.16.11-1 9.16.12-1 High Fixed
AVG-1191 9.16.3-1 9.16.4-1 Medium Fixed
AVG-1165 9.16.2-2 9.16.3-1 High Fixed
AVG-1056 9.14.6-1 9.14.7-1 Medium Fixed
AVG-915 9.13.5-5 9.13.7-1 High Fixed
AVG-718 9.13.0-2 9.13.2-1 Medium Fixed
AVG-706 9.12.1-1 9.12.1.P2-1 Medium Fixed
AVG-589 9.11.2-1 9.11.2.P1-1 High Fixed
AVG-335 9.11.1.P1-1 9.11.1.P2-1 High Fixed
AVG-301 9.11.1-1 9.11.1.P1-1 Medium Fixed
AVG-239 9.11.0.P3-4 9.11.1-1 High Fixed
AVG-169 9.11.0.P2-1 9.11.0.P3-1 High Fixed
AVG-132 9.11.0.P1-3 9.11.0.P2-1 High Fixed
AVG-59 9.11.0-2 9.11.0.P1-1 High Fixed
AVG-36 9.10.4.P2-1 9.10.4.P3-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-25218 AVG-2303 Medium Yes Denial of service
In BIND before version 9.16.20, if "named" attempts to respond over UDP with a response that is larger than the current effective interface maximum...
CVE-2021-25216 AVG-1890 High Yes Arbitrary code execution
BIND servers before version 9.16.14 are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration...
CVE-2021-25215 AVG-1890 High Yes Denial of service
DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way "named" processes these...
CVE-2021-25214 AVG-1890 Medium Yes Denial of service
Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an...
CVE-2020-8625 AVG-1589 High Yes Arbitrary code execution
A security issue was found in BIND 9.5.0 up to 9.11.27, 9.12.0 up to 9.16.11, and versions BIND 9.11.3-S1 up to 9.11.27-S1 and 9.16.8-S1 up to 9.16.11-S1 of...
CVE-2020-8619 AVG-1191 Medium Yes Denial of service
An issue has been found in Bind before 9.16.4, where an asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c. The asterisk...
CVE-2020-8618 AVG-1191 Medium Yes Denial of service
An assertion check in BIND before 9.16.4 (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly...
CVE-2020-8617 AVG-1165 High Yes Denial of service
An error in bind before 9.16.3 in the code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger...
CVE-2020-8616 AVG-1165 High Yes Denial of service
An issue has been found in bind before 9.16.3, which does not sufficiently limit the number of fetches which may be performed while processing a referral...
CVE-2019-6476 AVG-1056 Medium Yes Denial of service
An error in QNAME minimization code can cause bind  before 9.14.7 and 9.15.5 to exit with an assertion failure.
CVE-2019-6475 AVG-1056 Medium Yes Content spoofing
A security issue has been found in Bind before 9.14.7 and 9.15.5, where a mirror zone validity checking can allow zone data to be spoofed.
CVE-2019-6465 AVG-915 Medium Yes Access restriction bypass
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7. A client...
CVE-2018-5745 AVG-915 Medium Yes Denial of service
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in...
CVE-2018-5744 AVG-915 High Yes Denial of service
A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By...
CVE-2018-5738 AVG-718 Medium Yes Access restriction bypass
BIND <= 9.13.0 can improperly permit recursive query service to unauthorized clients. When "recursion yes;" is in effect and no match list values are...
CVE-2018-5737 AVG-706 Medium Yes Denial of service
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
CVE-2018-5736 AVG-706 Medium Yes Denial of service
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several...
CVE-2017-3145 AVG-589 High Yes Denial of service
A use-after-free flaw leading to denial of service was found in the way BIND before 9.11.2.P1, 9.10.6-P1 and 9.9.11-P1 internally handled cleanup operations...
CVE-2017-3143 AVG-335 High Yes Access restriction bypass
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized...
CVE-2017-3142 AVG-335 High Yes Access restriction bypass
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized...
CVE-2017-3140 AVG-301 Medium Yes Denial of service
A security issue has been found the Bind named DNS server < 9.11.1P1, leading to a denial of service. A remote attacker can make a vulnerable server...
CVE-2017-3138 AVG-239 Medium Yes Denial of service
A security issue has been found in the bind named daemon, that will exit with a "require" assertion failure if it receives a null command string on its...
CVE-2017-3137 AVG-239 High Yes Denial of service
A security issue has been found in bind, where a server which is performing recursion can be forced to exit with an assertion failure if it can be caused to...
CVE-2017-3136 AVG-239 Medium Yes Denial of service
A security issue has been found in bind, where an error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;".
CVE-2017-3135 AVG-169 High Yes Denial of service
A vulnerability has been found in bind < 9.11.0-P3, allowing a remote attacker to trigger an INSIST assertion failure or a NULL pointer read in...
CVE-2016-9778 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled certain queries using the nxdomain-redirect feature to cover a zone for which it is also...
CVE-2016-9444 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit...
CVE-2016-9147 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this...
CVE-2016-9131 AVG-132 High Yes Denial of service
A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit...
CVE-2016-8864 AVG-59 High Yes Denial of service
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or...
CVE-2016-2776 AVG-36 High Yes Denial of service
Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages...

Advisories

Date Advisory Group Severity Type
29 Apr 2021 ASA-202104-10 AVG-1890 High multiple issues
27 Feb 2021 ASA-202102-40 AVG-1589 High arbitrary code execution
28 Jun 2020 ASA-202006-13 AVG-1191 Medium denial of service
20 May 2020 ASA-202005-13 AVG-1165 High denial of service
25 Feb 2019 ASA-201902-25 AVG-915 High multiple issues
20 May 2018 ASA-201805-20 AVG-706 Medium denial of service
18 Jan 2018 ASA-201801-16 AVG-589 High denial of service
04 Jul 2017 ASA-201707-3 AVG-335 High access restriction bypass
15 Jun 2017 ASA-201706-18 AVG-301 Medium denial of service
29 Apr 2017 ASA-201704-11 AVG-239 High denial of service
09 Feb 2017 ASA-201702-8 AVG-169 High denial of service
12 Jan 2017 ASA-201701-15 AVG-132 High denial of service
01 Nov 2016 ASA-201611-3 AVG-59 High denial of service
27 Sep 2016 ASA-201609-29 AVG-36 High denial of service