Search
Total
88 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0888 | 2 Debian, Isc | 2 Debian Linux, Bind | 2020-12-09 | 5.0 MEDIUM | N/A |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug." | |||||
| CVE-2015-8000 | 2 Isc, Oracle | 4 Bind, Linux, Solaris and 1 more | 2019-12-27 | 5.0 MEDIUM | N/A |
| db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. | |||||
| CVE-2011-1910 | 1 Isc | 1 Bind | 2019-10-09 | 5.0 MEDIUM | N/A |
| Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. | |||||
| CVE-2008-0122 | 2 Freebsd, Isc | 2 Freebsd, Bind | 2019-08-01 | 10.0 HIGH | N/A |
| Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. | |||||
| CVE-2014-8680 | 1 Isc | 1 Bind | 2019-07-30 | 5.4 MEDIUM | N/A |
| The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | |||||
| CVE-2013-4854 | 10 Fedoraproject, Freebsd, Hp and 7 more | 12 Fedora, Freebsd, Hp-ux and 9 more | 2019-04-22 | 7.8 HIGH | N/A |
| The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | |||||
| CVE-2012-5688 | 2 Canonical, Isc | 2 Ubuntu Linux, Bind | 2018-12-06 | 7.8 HIGH | N/A |
| ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | |||||
| CVE-2007-2926 | 1 Isc | 1 Bind | 2018-10-30 | 4.3 MEDIUM | N/A |
| ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | |||||
| CVE-2015-8461 | 1 Isc | 1 Bind | 2018-10-30 | 7.1 HIGH | N/A |
| Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. | |||||
| CVE-2015-4620 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone. | |||||
| CVE-2015-1349 | 1 Isc | 1 Bind | 2018-10-30 | 5.4 MEDIUM | N/A |
| named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use. | |||||
| CVE-2014-0591 | 1 Isc | 1 Bind | 2018-10-30 | 2.6 LOW | N/A |
| The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature. | |||||
| CVE-2013-6230 | 1 Isc | 1 Bind | 2018-10-30 | 6.8 MEDIUM | N/A |
| The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. | |||||
| CVE-2013-2266 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. | |||||
| CVE-2012-3817 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. | |||||
| CVE-2012-1033 | 1 Isc | 1 Bind | 2018-10-30 | 5.0 MEDIUM | N/A |
| The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | |||||
| CVE-2011-2464 | 1 Isc | 1 Bind | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. | |||||
| CVE-2009-0265 | 1 Isc | 1 Bind | 2018-10-30 | 5.0 MEDIUM | N/A |
| Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | |||||
| CVE-2007-2925 | 1 Isc | 1 Bind | 2018-10-30 | 5.8 MEDIUM | N/A |
| The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. | |||||
| CVE-2007-0493 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." | |||||
| CVE-2007-2241 | 1 Isc | 1 Bind | 2018-10-30 | 7.1 HIGH | N/A |
| Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. | |||||
| CVE-1999-0837 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. | |||||
| CVE-1999-0011 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2018-10-30 | 10.0 HIGH | N/A |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | |||||
| CVE-2011-0414 | 1 Isc | 1 Bind | 2018-10-30 | 7.1 HIGH | N/A |
| ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. | |||||
| CVE-1999-0024 | 6 Bsdi, Ibm, Isc and 3 more | 12 Bsd Os, Aix, Bind and 9 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| DNS cache poisoning via BIND, by predictable query IDs. | |||||
| CVE-1999-0009 | 11 Bsdi, Caldera, Data General and 8 more | 13 Bsd Os, Openlinux, Dg Ux and 10 more | 2018-10-30 | 10.0 HIGH | N/A |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. | |||||
| CVE-2013-3919 | 1 Isc | 1 Bind | 2018-10-30 | 7.8 HIGH | N/A |
| resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone. | |||||
| CVE-1999-0833 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2018-10-30 | 7.5 HIGH | N/A |
| Buffer overflow in BIND 8.2 via NXT records. | |||||
| CVE-1999-0010 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. | |||||
| CVE-1999-0848 | 2 Isc, Sun | 3 Bind, Solaris, Sunos | 2018-10-30 | 5.0 MEDIUM | N/A |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. | |||||
| CVE-2003-0914 | 9 Compaq, Freebsd, Hp and 6 more | 10 Tru64, Freebsd, Hp-ux and 7 more | 2018-10-30 | 4.3 MEDIUM | N/A |
| ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. | |||||
| CVE-2006-0527 | 1 Isc | 1 Bind | 2018-10-19 | 7.5 HIGH | N/A |
| BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. | |||||
| CVE-2002-2211 | 1 Isc | 1 Bind | 2018-10-19 | 5.0 MEDIUM | N/A |
| BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | |||||
| CVE-2006-0987 | 1 Isc | 1 Bind | 2018-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. | |||||
| CVE-2006-4095 | 1 Isc | 1 Bind | 2018-10-17 | 5.0 MEDIUM | N/A |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | |||||
| CVE-2006-4096 | 1 Isc | 1 Bind | 2018-10-17 | 5.0 MEDIUM | N/A |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. | |||||
| CVE-2007-2930 | 1 Isc | 1 Bind | 2018-10-16 | 4.3 MEDIUM | N/A |
| The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors. NOTE: this issue is different from CVE-2007-2926. | |||||
| CVE-2009-0025 | 1 Isc | 1 Bind | 2018-10-11 | 6.8 MEDIUM | N/A |
| BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | |||||
| CVE-2010-3762 | 1 Isc | 1 Bind | 2018-10-10 | 4.3 MEDIUM | N/A |
| ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. | |||||
| CVE-2010-3614 | 1 Isc | 1 Bind | 2018-10-10 | 6.4 MEDIUM | N/A |
| named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. | |||||
| CVE-2010-3613 | 1 Isc | 1 Bind | 2018-10-10 | 4.0 MEDIUM | N/A |
| named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data. | |||||
| CVE-2009-0696 | 1 Isc | 1 Bind | 2018-10-10 | 4.3 MEDIUM | N/A |
| The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message, as exploited in the wild in July 2009. | |||||
| CVE-2011-2465 | 1 Isc | 1 Bind | 2018-10-09 | 2.6 LOW | N/A |
| Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query. | |||||
| CVE-2011-1907 | 1 Isc | 1 Bind | 2018-10-09 | 5.0 MEDIUM | N/A |
| ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. | |||||
| CVE-2001-0497 | 1 Isc | 1 Bind | 2018-09-20 | 4.6 MEDIUM | N/A |
| dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. | |||||
| CVE-2002-1220 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2018-05-03 | 5.0 MEDIUM | N/A |
| BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size. | |||||
| CVE-2000-0887 | 1 Isc | 1 Bind | 2018-05-03 | 5.0 MEDIUM | N/A |
| named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug." | |||||
| CVE-2002-1219 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2018-05-03 | 7.5 HIGH | N/A |
| Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). | |||||
| CVE-2002-1221 | 3 Freebsd, Isc, Openbsd | 3 Freebsd, Bind, Openbsd | 2018-05-03 | 5.0 MEDIUM | N/A |
| BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference. | |||||
| CVE-2012-1667 | 1 Isc | 1 Bind | 2018-01-18 | 8.5 HIGH | N/A |
| ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. | |||||