Product:

Bind

(Isc)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 169
Date Id Summary Products Score Patch Annotated
2022-09-21 CVE-2022-2906 An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. Bind 7.5
2022-09-21 CVE-2022-2881 The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. Bind 8.2
2020-06-17 CVE-2020-8618 An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients. Ubuntu_linux, Bind, Steelstore_cloud_integrated_storage, Leap 4.9
2022-05-19 CVE-2022-1183 On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. Bind, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware 7.5
1997-07-01 CVE-1999-0184 When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records. Bind N/A
1997-08-13 CVE-1999-0024 DNS cache poisoning via BIND, by predictable query IDs. Bsd_os, Aix, Bind, Asl_ux_4800, Ews\-Ux_v, Up\-Ux_v, Open_desktop, Openserver, Unix, Unixware, Solaris, Sunos N/A
2020-08-21 CVE-2020-8620 In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. Ubuntu_linux, Bind, Steelstore_cloud_integrated_storage, Leap 7.5
2021-04-29 CVE-2021-25216 In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly... Debian_linux, Bind, Active_iq_unified_manager, Aff_500f_firmware, Aff_a250_firmware, Cloud_backup, H300e_firmware, H300s_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Sinec_infrastructure_network_services 9.8
2020-08-21 CVE-2020-8621 In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. Ubuntu_linux, Bind, Steelstore_cloud_integrated_storage, Leap, Dns_server 7.5
2019-01-16 CVE-2018-5740 "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. Ubuntu_linux, Debian_linux, Hp\-Ux, Bind, Data_ontap_edge, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_workstation 7.5