| CVE-2022-38178 |
AVG-2811 |
Unknown |
Unknown |
Unknown |
Unknown |
| CVE-2022-3080 |
AVG-2811 |
Unknown |
Unknown |
Unknown |
Unknown |
| CVE-2022-2795 |
AVG-2811 |
Unknown |
Unknown |
Unknown |
Unknown |
| CVE-2022-1183 |
AVG-2727 |
High |
Yes |
Incorrect calculation |
An assertion failure can be triggered if a TLS connection to a configured http TLS listener with a defined endpoint is destroyed too early. On vulnerable... |
| CVE-2022-0667 |
AVG-2661 |
High |
Yes |
Denial of service |
In BIND 9.18.0 the recursive client code was refactored that introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that... |
| CVE-2022-0635 |
AVG-2661 |
High |
Yes |
Denial of service |
BIND 9.18.0 stable release refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) and changed the default so that is... |
| CVE-2022-0396 |
AVG-2661 |
Medium |
Yes |
Denial of service |
ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream... |
| CVE-2021-25220 |
AVG-2661 |
Medium |
Yes |
Content spoofing |
When using forwarders in BIND, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason,... |
| CVE-2021-25219 |
AVG-2502 |
Medium |
Yes |
Denial of service |
In BIND before version 9.16.22, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver... |
| CVE-2021-25218 |
AVG-2303 |
Medium |
Yes |
Denial of service |
In BIND before version 9.16.20, if "named" attempts to respond over UDP with a response that is larger than the current effective interface maximum... |
| CVE-2021-25216 |
AVG-1890 |
High |
Yes |
Arbitrary code execution |
BIND servers before version 9.16.14 are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration... |
| CVE-2021-25215 |
AVG-1890 |
High |
Yes |
Denial of service |
DNAME records, described in RFC 6672, provide a way to redirect a subtree of the domain name tree in the DNS. A flaw in the way "named" processes these... |
| CVE-2021-25214 |
AVG-1890 |
Medium |
Yes |
Denial of service |
Incremental zone transfers (IXFR) provide a way of transferring changed portion(s) of a zone between servers. An IXFR stream containing SOA records with an... |
| CVE-2020-8625 |
AVG-1589 |
High |
Yes |
Arbitrary code execution |
A security issue was found in BIND 9.5.0 up to 9.11.27, 9.12.0 up to 9.16.11, and versions BIND 9.11.3-S1 up to 9.11.27-S1 and 9.16.8-S1 up to 9.16.11-S1 of... |
| CVE-2020-8619 |
AVG-1191 |
Medium |
Yes |
Denial of service |
An issue has been found in Bind before 9.16.4, where an asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c. The asterisk... |
| CVE-2020-8618 |
AVG-1191 |
Medium |
Yes |
Denial of service |
An assertion check in BIND before 9.16.4 (that is meant to prevent going beyond the end of a buffer when processing incoming data) can be incorrectly... |
| CVE-2020-8617 |
AVG-1165 |
High |
Yes |
Denial of service |
An error in bind before 9.16.3 in the code which checks the validity of messages containing TSIG resource records can be exploited by an attacker to trigger... |
| CVE-2020-8616 |
AVG-1165 |
High |
Yes |
Denial of service |
An issue has been found in bind before 9.16.3, which does not sufficiently limit the number of fetches which may be performed while processing a referral... |
| CVE-2019-6476 |
AVG-1056 |
Medium |
Yes |
Denial of service |
An error in QNAME minimization code can cause bind before 9.14.7 and 9.15.5 to exit with an assertion failure. |
| CVE-2019-6475 |
AVG-1056 |
Medium |
Yes |
Content spoofing |
A security issue has been found in Bind before 9.14.7 and 9.15.5, where a mirror zone validity checking can allow zone data to be spoofed. |
| CVE-2019-6465 |
AVG-915 |
Medium |
Yes |
Access restriction bypass |
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable in bind before 9.13.7. A client... |
| CVE-2018-5745 |
AVG-915 |
Medium |
Yes |
Denial of service |
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in... |
| CVE-2018-5744 |
AVG-915 |
High |
Yes |
Denial of service |
A failure to free memory can occur when processing messages having a specific combination of EDNS options has been found in bind before 9.13.7. By... |
| CVE-2018-5738 |
AVG-718 |
Medium |
Yes |
Access restriction bypass |
BIND <= 9.13.0 can improperly permit recursive query service to unauthorized clients. When "recursion yes;" is in effect and no match list values are... |
| CVE-2018-5737 |
AVG-706 |
Medium |
Yes |
Denial of service |
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. |
| CVE-2018-5736 |
AVG-706 |
Medium |
Yes |
Denial of service |
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several... |
| CVE-2017-3145 |
AVG-589 |
High |
Yes |
Denial of service |
A use-after-free flaw leading to denial of service was found in the way BIND before 9.11.2.P1, 9.10.6-P1 and 9.9.11-P1 internally handled cleanup operations... |
| CVE-2017-3143 |
AVG-335 |
High |
Yes |
Access restriction bypass |
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized... |
| CVE-2017-3142 |
AVG-335 |
High |
Yes |
Access restriction bypass |
An error in TSIG authentication has been found in Bind <= 9.11.1-P1, allowing a remote attacker to bypass authentication in order to perform unauthorized... |
| CVE-2017-3140 |
AVG-301 |
Medium |
Yes |
Denial of service |
A security issue has been found the Bind named DNS server < 9.11.1P1, leading to a denial of service. A remote attacker can make a vulnerable server... |
| CVE-2017-3138 |
AVG-239 |
Medium |
Yes |
Denial of service |
A security issue has been found in the bind named daemon, that will exit with a "require" assertion failure if it receives a null command string on its... |
| CVE-2017-3137 |
AVG-239 |
High |
Yes |
Denial of service |
A security issue has been found in bind, where a server which is performing recursion can be forced to exit with an assertion failure if it can be caused to... |
| CVE-2017-3136 |
AVG-239 |
Medium |
Yes |
Denial of service |
A security issue has been found in bind, where an error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;". |
| CVE-2017-3135 |
AVG-169 |
High |
Yes |
Denial of service |
A vulnerability has been found in bind < 9.11.0-P3, allowing a remote attacker to trigger an INSIST assertion failure or a NULL pointer read in... |
| CVE-2016-9778 |
AVG-132 |
High |
Yes |
Denial of service |
A denial of service flaw was found in the way BIND handled certain queries using the nxdomain-redirect feature to cover a zone for which it is also... |
| CVE-2016-9444 |
AVG-132 |
High |
Yes |
Denial of service |
A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit... |
| CVE-2016-9147 |
AVG-132 |
High |
Yes |
Denial of service |
A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this... |
| CVE-2016-9131 |
AVG-132 |
High |
Yes |
Denial of service |
A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit... |
| CVE-2016-8864 |
AVG-59 |
High |
Yes |
Denial of service |
A defect in BIND's handling of responses containing a DNAME answer can cause a resolver to exit after encountering an assertion failure in db.c or... |
| CVE-2016-2776 |
AVG-36 |
High |
Yes |
Denial of service |
Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages... |