MidnightBSD

Advisories for isc

CVE-1999-0009 HIGH

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5.1
sgi irix 4.0.1
redhat linux 4.0
sgi irix 3.3.1
bsdi bsd_os 2.0
sgi irix 4.0.2
sco unixware 7.0
sgi irix 4.0.5d
sgi irix 4.0.4
sun solaris 2.5
sgi irix 5.1
sgi irix 3.3.2
sgi irix 4.0.4b
netbsd netbsd 1.1
sgi irix 6.2
sgi irix 5.3
sgi irix 4.0.4t
ibm aix 4.1.4
sgi irix 4.0.1t
bsdi bsd_os 2.1
netbsd netbsd 1.3.1
nec asl_ux_4800 64
sgi irix 5.1.1
netbsd netbsd 1.0
sgi irix 4.0
sco unixware 2.1
sun sunos -
sun sunos 5.3
sgi irix 3.3
sgi irix 5.0.1
sgi irix 5.2
caldera openlinux 1.0
sun solaris 2.6
sgi irix 4.0.5_ipr
bsdi bsd_os 2.0.1
ibm aix 4.1
sgi irix 4.0.5
isc bind 4.9.6
sgi irix 4.0.5a
ibm aix 4.3
netbsd netbsd 1.3
sun sunos 5.5
sgi irix 5.0
redhat linux 4.1
sgi irix 4.0.5e
sgi irix 4.0.5h
sco open_desktop 5.0
sgi irix 6.1
sgi irix 3.2
ibm aix 4.2
ibm aix 4.1.3
ibm aix 4.2.1
sgi irix 6.3
netbsd netbsd 1.2
sun sunos 5.4
sgi irix 4.0.3
sgi irix 4.0.5_iop
data_general dg_ux 5.4_4.11
ibm aix 4.1.2
redhat linux 5.0
netbsd netbsd 1.2.1
sgi irix 4.0.5f
redhat linux 4.2
isc bind 8.1
data_general dg_ux 5.4_4.1
isc bind 8.1.1
sgi irix 3.3.3
data_general dg_ux 5.4_3.1
sgi irix 6.0
ibm aix 4.1.1
sun sunos 5.5.1
sco open_desktop 3.0
sgi irix 4.0.5g
ibm aix 4.1.5
data_general dg_ux 5.4_3.0
CVE-1999-0010 MEDIUM

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sco unixware 2.1
sun sunos 5.3
data_general dg_ux y2k_patchr4.20mu02
data_general dg_ux y2k_patchr4.20mu01
sun sunos 5.6
data_general dg_ux y2k_patchr4.12mu03
data_general dg_ux y2k_patchr4.20mu03
sco unixware 7.0
isc bind 8
ibm aix 4.1
ibm aix 4.3
netbsd netbsd 1.3
sun sunos 5.5
sco unix 3.2v4
sco openserver 5.0
isc bind 4.9
nec asl_ux_4800 11
ibm aix 4.2
nec asl_ux_4800 13
sun sunos 5.4
redhat linux 5.0
data_general dg_ux y2k_patchr4.11mu05
redhat linux 4.2
netbsd netbsd 1.3.1
sun sunos 5.5.1
sco open_desktop 3.0
CVE-1999-0011 HIGH

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-1067,

Products Affected

Vendor Product Version
sco unixware 2.1
sun sunos 5.3
data_general dg_ux y2k_patchr4.20mu02
data_general dg_ux y2k_patchr4.20mu01
sun sunos 5.6
data_general dg_ux y2k_patchr4.12mu03
data_general dg_ux y2k_patchr4.20mu03
sco unixware 7.0
isc bind 8
ibm aix 4.1
ibm aix 4.3
netbsd netbsd 1.3
sun sunos 5.5
sco unix 3.2v4
sco openserver 5.0
isc bind 4.9
nec asl_ux_4800 11
ibm aix 4.2
nec asl_ux_4800 13
sun sunos 5.4
redhat linux 5.0
data_general dg_ux y2k_patchr4.11mu05
redhat linux 4.2
netbsd netbsd 1.3.1
sun sunos 5.5.1
sco open_desktop 3.0
CVE-1999-0024 MEDIUM

DNS cache poisoning via BIND, by predictable query IDs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 2.5.1
sco unixware 2.1
ibm aix 4.2
sun sunos -
sun sunos 5.3
sun sunos 5.4
nec up-ux_v 4.2mp
sun solaris 2.6
sun solaris 2.4
nec ews-ux_v 4.2
bsdi bsd_os 3.0
nec ews-ux_v 4.2mp
ibm aix 4.1
bsdi bsd_os 2.1
isc bind 8.1
sun solaris 2.5
sun sunos 5.5
sco unix 3.2v4
sco openserver 5.0
nec asl_ux_4800 64
sun sunos 5.5.1
sco open_desktop 3.0
isc bind 4.9.5
CVE-1999-0043 HIGH

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,CWE-78,

Products Affected

Vendor Product Version
isc inn 1.4unoff4
netscape news_server 1.1
redhat linux 4.0
nec goah_intrasv 1.1
nec goah_networksv 2.2
caldera openlinux 1.0
isc inn 1.5
nec goah_networksv 3.1
nec goah_networksv 1.2
bsdi bsd_os 2.1
isc inn 1.4sec
isc inn 1.4sec2
isc inn 1.4unoff3
redhat linux 4.1
CVE-1999-0100 HIGH

Remote access in AIX innd 1.5.1, using control messages.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 1.5.1
CVE-1999-0184 MEDIUM

When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.4.0
CVE-1999-0247 HIGH

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 1.4unoff4
isc inn 1.5.1
isc inn 1.4
isc inn 1.4sec
isc inn 1.4sec2
isc inn 1.4unoff3
isc inn 1.5
CVE-1999-0705 HIGH

Buffer overflow in INN inews program.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn *
redhat linux 6.0
CVE-1999-0706 HIGH

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 1.7.2
isc inn 2.2
redhat linux 6.0
isc inn 1.5.1
redhat linux 5.0
redhat linux 5.2
isc inn 2.1
redhat linux 4.2
redhat linux 5.1
isc inn 1.7
redhat linux 4.1
isc inn 2.0
CVE-1999-0754 HIGH

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn *
CVE-1999-0785 HIGH

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 2.1
isc inn 2.0
isc inn 2.2
CVE-1999-0808 HIGH

Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcp_client 1.0
isc dhcp_client 2.0
CVE-1999-0833 HIGH

Buffer overflow in BIND 8.2 via NXT records.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0837 HIGH

Denial of service in BIND by improperly closing TCP sessions via so_linger.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0848 MEDIUM

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun solaris 7.0
sun sunos 5.7
isc bind 8.2
isc bind 8.2.1
CVE-1999-0849 MEDIUM

Denial of service in BIND named via maxdname.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.6
isc bind 8.1
isc bind 8.1.1
isc bind 8.2
isc bind 4.9.5
isc bind 4.9.7
isc bind 8.2.1
CVE-1999-0868 HIGH

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 1.5.1
nec goah_networksv r3.1
netscape news_server 1.1
nec goah_intrasv r1.1
redhat linux 4.0
nec goah_networksv r1.2
sun sparc *
redhat linux 4.1
nec goah_networksv r2.2
CVE-1999-1499 LOW

named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.1
isc bind 4.9
CVE-2000-0335 HIGH

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc 2.1.2
gnu glibc 2.0
isc bind 8.2.2
gnu glibc 2.1.1
gnu glibc 2.1
isc bind 8.2
gnu glibc 2.1.3
isc bind 8.2.1
CVE-2000-0360 MEDIUM

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 1.4unoff4
isc inn 1.7.2
isc inn 2.2
isc inn 1.5
isc inn 1.5.1
isc inn 2.1
isc inn 1.7
isc inn 1.4sec
isc inn 1.4sec2
isc inn 1.4unoff3
isc inn 2.0
isc inn 2.2.1
CVE-2000-0472 LOW

Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 2.1
isc inn 2.2.2
isc inn 2.0
isc inn 2.2
isc inn 2.2.1
CVE-2000-0585 HIGH

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcp_client 3.0b1
isc dhcp_client 2.0
CVE-2000-0887 MEDIUM

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.2
CVE-2000-0888 MEDIUM

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
isc bind 8.2.2
debian debian_linux 2.2
isc bind 8.2
isc bind 8.2.1
CVE-2000-1029 HIGH

Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.1
CVE-2001-0010 HIGH

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.2
isc bind 8.2
isc bind 8.2.1
CVE-2001-0011 HIGH

Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.6
isc bind 4.9.3
isc bind 4.9.5
isc bind 4.9.7
CVE-2001-0012 MEDIUM

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.2
isc bind 4.9.6
isc bind 4.9.3
isc bind 8.2
isc bind 4.9.5
isc bind 4.9.7
isc bind 8.2.1
CVE-2001-0013 HIGH

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.6
isc bind 4.9.3
isc bind 4.9.5
isc bind 4.9.7
CVE-2001-0497 MEDIUM

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
isc bind *
CVE-2001-1442 MEDIUM

Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 2.1
isc inn 2.2.2
isc inn 2.0
isc inn 2.2
isc inn 2.2.3
isc inn 2.2.1
CVE-2002-0029 HIGH

Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 4.9.4
astaro security_linux 2.0.24
astaro security_linux 3.2.11
astaro security_linux 2.0.25
isc bind 4.9.2
astaro security_linux 3.2.0
astaro security_linux 2.0.26
isc bind 4.9.6
isc bind 4.9.3
astaro security_linux 2.0.27
isc bind 4.9.8
astaro security_linux 2.0.23
isc bind 4.9.5
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
astaro security_linux 2.0.30
astaro security_linux 3.2.10
CVE-2002-0400 MEDIUM

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.1.2
isc bind 9.1.3
isc bind 9.1.1
isc bind 9.0
isc bind 9.2
isc bind 9.1
CVE-2002-0525 HIGH

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 2.1
isc inn 2.2.2
isc inn 2.0
isc inn 2.2
isc inn 2.2.3
isc inn 2.2.1
CVE-2002-0651 HIGH

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.4.0
CVE-2002-0684 HIGH

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gnu glibc *
isc bind 4.9.8
CVE-2002-0702 HIGH

Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcpd 3.0
isc dhcpd 3.0.1
CVE-2002-1219 HIGH

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2
isc bind 4.9.6
isc bind 8.3.0
isc bind 8.2.6
isc bind 4.9.8
isc bind 8.2.4
isc bind 4.9.5
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
isc bind 8.3.2
freebsd freebsd 4.7
openbsd openbsd 3.0
isc bind 8.2.2
freebsd freebsd 4.5
isc bind 8.3.1
openbsd openbsd 3.2
isc bind 8.2.5
isc bind 8.2.1
isc bind 8.3.3
freebsd freebsd 4.4
openbsd openbsd 3.1
isc bind 8.2.3
freebsd freebsd 4.6
CVE-2002-1220 MEDIUM

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
openbsd openbsd 3.0
freebsd freebsd 4.5
isc bind 8.3.3
freebsd freebsd 4.4
openbsd openbsd 3.1
isc bind 8.3.0
isc bind 8.3.1
openbsd openbsd 3.2
freebsd freebsd 4.6
isc bind 8.3.2
CVE-2002-1221 MEDIUM

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
freebsd freebsd 4.7
openbsd openbsd 3.0
isc bind 8.2.2
freebsd freebsd 4.5
isc bind 8.3.1
openbsd openbsd 3.2
isc bind 8.2.5
isc bind 8.2
isc bind 8.2.1
isc bind 8.3.3
isc bind 8.1.2
freebsd freebsd 4.4
openbsd openbsd 3.1
isc bind 8.3.0
isc bind 8.1
isc bind 8.1.1
isc bind 8.2.3
isc bind 8.2.6
freebsd freebsd 4.6
isc bind 8.2.4
isc bind 8.3.2
CVE-2002-2211 MEDIUM

BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allow remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2.7
isc bind 8.2.2
isc bind 8.3.1
isc bind 4.9.4
isc bind 8.2.5
isc bind 8.2
isc bind 8.2.1
isc bind 4.9.2
isc bind 8.3.3
isc bind 4.9.6
isc bind 8.3.0
isc bind 8.3.4
isc bind 4.9.3
isc bind 8.2.3
isc bind 8.2.6
isc bind 4.9.8
isc bind 8.2.4
isc bind 4.9
isc bind 4.9.5
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
isc bind 8.3.2
CVE-2002-2212 MEDIUM

The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2
isc bind 4.9.2
isc bind 4.9.6
isc bind 8.3.0
isc bind 8.3.4
isc bind 4.9.3
isc bind 8.2.6
isc bind 4.9.8
isc bind 8.2.4
isc bind 4.9
isc bind 4.9.5
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
isc bind 8.3.2
isc bind 8.2.7
isc bind 8.2.2
isc bind 8.3.1
isc bind 4.9.4
isc bind 8.2.5
isc bind 8.2.1
isc bind 8.3.3
isc bind 8.2.3
fujitsu uxp_v *
CVE-2002-2213 MEDIUM

The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.2
isc bind 4.9.2
isc bind 4.9.6
isc bind 8.3.0
isc bind 8.3.4
isc bind 4.9.3
infoblox dns_one *
isc bind 8.2.6
isc bind 4.9.8
isc bind 8.2.4
isc bind 4.9
isc bind 4.9.5
isc bind 4.9.7
isc bind 4.9.9
isc bind 4.9.10
isc bind 8.3.2
isc bind 8.2.7
isc bind 8.2.2
isc bind 8.3.1
isc bind 4.9.4
isc bind 8.2.5
isc bind 8.2.1
isc bind 8.3.3
isc bind 8.2.3
CVE-2003-0026 HIGH

Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcpd 3.0
isc dhcpd 3.0.1
CVE-2003-0039 MEDIUM

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcpd 3.0.1
CVE-2003-0914 MEDIUM

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
compaq tru64 4.0g_pk3_bl17
compaq tru64 5.1_pk6_bl20
compaq tru64 5.1b
compaq tru64 5.1b_pk2_bl22
compaq tru64 4.0f
sun solaris 7.0
isc bind 8.4
isc bind 8.2.6
isc bind 8.2.4
sco unixware 7.1.1
ibm aix 5.1l
isc bind 8.3.2
hp hp-ux 11.00
freebsd freebsd 4.7
freebsd freebsd 4.5
isc bind 8.3.1
isc bind 8.4.1
compaq tru64 5.1a_pk1_bl1
sun solaris 9.0
isc bind 8.2.5
hp hp-ux 11.11
compaq tru64 5.1b_pk1_bl1
nixu namesurfer standard_3.0.1
isc bind 8.3.3
freebsd freebsd 4.4
freebsd freebsd 4.8
isc bind 8.3.6
sun sunos 5.7
isc bind 8.2.3
freebsd freebsd 5.0
compaq tru64 5.1
compaq tru64 5.1_pk3_bl17
compaq tru64 5.1a_pk2_bl2
compaq tru64 4.0f_pk6_bl17
compaq tru64 5.1a_pk3_bl3
compaq tru64 5.1_pk5_bl19
netbsd netbsd 1.6
compaq tru64 4.0f_pk7_bl18
isc bind 8.3.5
nixu namesurfer suite_3.0.1
isc bind 8.3.0
isc bind 8.3.4
compaq tru64 4.0g_pk4_bl22
compaq tru64 4.0g
compaq tru64 5.1a
freebsd freebsd 4.9
isc bind 8.2.7
sun sunos 5.8
freebsd freebsd 4.6.2
compaq tru64 5.1a_pk5_bl23
netbsd netbsd 1.6.1
compaq tru64 5.1_pk4_bl18
netbsd netbsd current
compaq tru64 4.0f_pk8_bl22
sun solaris 8.0
freebsd freebsd 4.6
compaq tru64 5.1a_pk4_bl21
CVE-2004-0045 HIGH

Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc inn 2.4.0
CVE-2004-0460 HIGH

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 8.1
infoblox dns_one_appliance 2.3.1_r5
suse suse_linux 7
isc dhcpd 3.0.1
infoblox dns_one_appliance 2.4.0.8
suse suse_linux 9.1
suse suse_linux_database_server *
suse suse_linux 8.0
mandrakesoft mandrake_linux 9.2
suse suse_linux_admin-cd_for_firewall *
suse suse_linux_firewall_cd *
suse suse_linux 8.2
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.1
suse suse_linux 8
suse suse_email_server iii
suse suse_linux_connectivity_server *
infoblox dns_one_appliance 2.4.0.8a
redhat fedora_core core_2.0
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 9.0
suse suse_linux_office_server *
CVE-2004-0461 HIGH

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 8.1
infoblox dns_one_appliance 2.3.1_r5
suse suse_linux 7
isc dhcpd 3.0.1
infoblox dns_one_appliance 2.4.0.8
suse suse_linux 9.1
suse suse_linux_database_server *
suse suse_linux 8.0
mandrakesoft mandrake_linux 9.2
suse suse_linux_admin-cd_for_firewall *
suse suse_linux_firewall_cd *
suse suse_linux 8.2
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.1
suse suse_linux 8
suse suse_email_server iii
suse suse_linux_connectivity_server *
infoblox dns_one_appliance 2.4.0.8a
redhat fedora_core core_2.0
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 9.0
suse suse_linux_office_server *
CVE-2004-1006 HIGH

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc dhcpd 3.0_b2pl9
isc dhcpd 3.0
isc dhcpd 3.0_b2pl23
isc dhcpd 3.0_pl2
isc dhcpd 3.0.1
isc dhcpd 3.0_pl1
isc dhcpd 2.0.pl5
CVE-2005-0033 MEDIUM

Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 8.4.5
isc bind 8.4.4
CVE-2005-0034 MEDIUM

An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.3.0
CVE-2006-0527 HIGH

BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allow remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
isc bind 4
isc bind 8
CVE-2006-0987 MEDIUM

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.3.2
CVE-2006-2073 MEDIUM

Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.0
isc bind 9.2.3
isc bind 9.1
isc bind 9.3
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.0
isc bind 9.2.2
isc bind 9.1.3
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.1.1
CVE-2006-4095 MEDIUM

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 5.04
apple mac_os_x *
canonical ubuntu_linux 5.10
isc bind *
apple mac_os_x_server *
canonical ubuntu_linux 6.06
CVE-2007-0493 HIGH

Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
isc bind 9.4.0
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
CVE-2009-0265 MEDIUM

Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-252,CWE-295,

Products Affected

Vendor Product Version
isc bind *
CVE-2009-0696 MEDIUM

The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-16,

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.0
isc bind 9.5.0
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.6.0
isc bind 9.6
isc bind 9.6.1
isc bind 9.4
isc bind 9.5
CVE-2009-1893 MEDIUM

The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,

Products Affected

Vendor Product Version
redhat enterprise_linux 3.0
isc dhcp 3.0.1
CVE-2010-0097 MEDIUM

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.3.6
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.3.5
isc bind 9.2.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.1.1
isc bind 9.6
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.5
isc bind 9.5.1
isc bind 9.5.2
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.1.3
isc bind 9.6.0
CVE-2010-0213 LOW

BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.

CVSS 2.0

Severity: LOW

Problem Type: CWE-19,

Products Affected

Vendor Product Version
isc bind 9.7.1
CVE-2010-0218 MEDIUM

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
isc bind 9.7.2
CVE-2010-0290 MEDIUM

Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.3.6
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.3.5
isc bind 9.2.5
isc bind 9.6.1
isc bind 9.10.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.1.1
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.1.3
isc bind 9.6.0
CVE-2010-0382 HIGH

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.3.6
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.3.5
isc bind 9.2.5
isc bind 9.6.1
isc bind 9.10.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.1.1
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.1.3
isc bind 9.6.0
CVE-2010-2156 MEDIUM

ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
isc dhcp 4.1.1
isc dhcp 4.0.1
isc dhcp 4.0.2
isc dhcp 4.0.0
isc dhcp 4.1.0
CVE-2010-3611 MEDIUM

ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
isc dhcp 4.1.1
isc dhcp 4.0.1
isc dhcp 4.0.0
isc dhcp 4.0
isc dhcp 4.1.0
isc dhcp 4.2.0
CVE-2010-3613 MEDIUM

named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
isc bind 9.7.1
isc bind 9.7.0
isc bind 9.7.2
isc bind 9.6.2
isc bind 9.6
CVE-2010-3614 MEDIUM

named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.1.1
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.2
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
CVE-2010-3615 MEDIUM

named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
isc bind 9.7.2
CVE-2010-3616 MEDIUM

ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 4.2.0
CVE-2010-3762 MEDIUM

ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind *
CVE-2011-0413 HIGH

The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 4.1.1
isc dhcp 4.0-esv
isc dhcp 4.0.1
isc dhcp 4.0.2
isc dhcp 4.1-esv
isc dhcp 4.0.3
isc dhcp 4.1.2
isc dhcp 4.0.0
isc dhcp 4.0
isc dhcp 4.1.0
isc dhcp 4.2.0
CVE-2011-0414 HIGH

ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399

Products Affected

Vendor Product Version
isc bind 9.7.1
isc bind 9.7.2
CVE-2011-0997 HIGH

dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 3.0.3
canonical ubuntu_linux 10.04
isc dhcp 3.1.1
isc dhcp 3.0.5
isc dhcp 4.2.1
debian debian_linux 7.0
isc dhcp 3.0.6
canonical ubuntu_linux 6.06
debian debian_linux 6.0
isc dhcp 3.1-esv
canonical ubuntu_linux 8.04
isc dhcp 3.0.2
debian debian_linux 5.0
isc dhcp 4.1-esv
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.10
isc dhcp 3.0.4
isc dhcp 3.1.0
isc dhcp 3.0.1
isc dhcp 3.0
isc dhcp 3.1.3
isc dhcp 4.2.0
isc dhcp 3.1.2
CVE-2011-1907 MEDIUM

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
isc bind 9.8.0
CVE-2011-1910 MEDIUM

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.3.6
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.3.5
isc bind 9.2.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.1.1
isc bind 9.6
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.5
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.5.2
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2011-2464 MEDIUM

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.7.2
isc bind 9.6.1
isc bind 9.7.1
isc bind 9.7.0
isc bind 9.7.2b1
isc bind 9.6.0
isc bind 9.8.1
isc bind 9.6.2
isc bind 9.6.3
isc bind 9.6
isc bind 9.7.3
isc bind 9.8.0
CVE-2011-2465 LOW

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.8.1
isc bind 9.8.0
CVE-2011-2748 HIGH

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 3.0.3
isc dhcp 3.1.1
isc dhcp 4.2.1
isc dhcp 4.0.3
isc dhcp 4.0
debian debian_linux 7.0
debian debian_linux 6.0
isc dhcp 3.1-esv
canonical ubuntu_linux 8.04
isc dhcp 3.0.2
debian debian_linux 5.0
isc dhcp 4.1-esv
isc dhcp 3.1
isc dhcp 3.1.0
isc dhcp 3.0
isc dhcp 4.2.0
isc dhcp 4.0-esv
canonical ubuntu_linux 10.04
isc dhcp 4.0.2
isc dhcp 3.0.5
canonical ubuntu_linux 11.04
isc dhcp 4.1.2
isc dhcp 3.0.6
isc dhcp 4.1.1
isc dhcp 4.0.1
canonical ubuntu_linux 10.10
isc dhcp 4.0.0
isc dhcp 4.1.0
isc dhcp 3.0.4
isc dhcp 3.0.1
isc dhcp 3.1.3
isc dhcp 3.1.2
CVE-2011-2749 HIGH

The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 3.0.3
isc dhcp 3.1.1
isc dhcp 4.2.1
isc dhcp 4.0.3
isc dhcp 4.0
debian debian_linux 7.0
debian debian_linux 6.0
isc dhcp 3.1-esv
canonical ubuntu_linux 8.04
isc dhcp 3.0.2
debian debian_linux 5.0
isc dhcp 4.1-esv
isc dhcp 3.1
isc dhcp 3.1.0
isc dhcp 3.0
isc dhcp 4.2.0
isc dhcp 4.0-esv
canonical ubuntu_linux 10.04
isc dhcp 4.0.2
isc dhcp 3.0.5
canonical ubuntu_linux 11.04
isc dhcp 4.1.2
isc dhcp 3.0.6
isc dhcp 4.1.1
isc dhcp 4.0.1
canonical ubuntu_linux 10.10
isc dhcp 4.0.0
isc dhcp 4.1.0
isc dhcp 3.0.4
isc dhcp 3.0.1
isc dhcp 3.1.3
isc dhcp 3.1.2
CVE-2011-4313 MEDIUM

query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.5.2
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.2.5
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2011-4539 MEDIUM

dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 4.2.3
isc dhcp 4.0.2
canonical ubuntu_linux 11.04
isc dhcp 4.2.1
isc dhcp 4.0.3
isc dhcp 4.1.2
isc dhcp 4.0
debian debian_linux 7.0
debian debian_linux 6.0
isc dhcp 4.1.1
isc dhcp 4.0.1
isc dhcp 4.1-esv
canonical ubuntu_linux 11.10
isc dhcp 4.0.0
isc dhcp 4.2.2
isc dhcp 4.2.0
CVE-2011-4868 MEDIUM

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
isc dhcp 3.0.3
isc dhcp 4.2.3
isc dhcp 3.0.5
isc dhcp 4.2.1
isc dhcp *
isc dhcp 3.0.6
isc dhcp 3.0.2
isc dhcp 4.0.0
isc dhcp 4.1.0
isc dhcp 4.2.2
isc dhcp 3.0.4
isc dhcp 3.1.0
isc dhcp 3.0.1
isc dhcp 3.0
isc dhcp 4.2.0
CVE-2012-1033 MEDIUM

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.2.4
isc bind 9.2.5
isc bind 9.3
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.3.0
isc bind 9.1.1
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.5
isc bind 9.5.1
isc bind 9.0
isc bind 9.2.3
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.1.3
isc bind 9.6.0
CVE-2012-1667 HIGH

ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.2
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2012-4244 HIGH

ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.8.2
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.8.3
isc bind 9.2
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2012-5688 HIGH

ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
isc bind 9.8.1
isc bind 9.8.2
isc bind 9.9.1
canonical ubuntu_linux 12.10
isc bind 9.9.0
isc bind 9.8.3
isc bind 9.8.0
CVE-2012-5689 HIGH

ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
isc bind 9.8.2
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 15.04
redhat enterprise_linux_workstation 6.0
isc bind 9.8.3
redhat enterprise_linux_server_eus 6.4.z
isc bind 9.8.4
redhat enterprise_linux_hpc_node 6.0
isc bind 9.9.2
isc bind 9.8.1
isc bind 9.9.1
redhat enterprise_linux_server_aus 6.4
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 6.0
isc bind 9.9.0
isc bind 9.8.0
CVE-2013-2266 HIGH

libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
isc bind 9.7.2
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.8.3
isc bind 9.7.6
isc bind 9.8.4
isc bind 9.7.1
isc bind 9.9.2
isc bind 9.7.0
isc bind 9.9.3
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.7.4
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.7.3
isc bind 9.8.0
CVE-2013-2494 MEDIUM

libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
isc dhcp 4.2.3
isc dhcp 4.2.5
isc dhcp 4.2.1
isc dhcp 4.2.4
isc dhcp 4.2.2
isc dhcp 4.2.0
CVE-2013-3919 HIGH

resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.9.3
isc bind 9.8.5
isc bind 9.6
CVE-2013-4854 HIGH

The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
isc bind 9.8.6
slackware slackware_linux 13.0
isc bind 9.7.7
freebsd freebsd 8.0
redhat enterprise_linux 5
isc bind 9.7.2
hp hp-ux b.11.31
freebsd freebsd 8.1
novell suse_linux 11
freebsd freebsd 8.3
isc bind 9.7.6
mandriva enterprise_server 5.0
freebsd freebsd 8.2
isc bind 9.9.2
slackware slackware_linux 13.1
isc bind 9.9.3
isc bind 9.8.1
isc bind 9.9.1
suse suse_linux_enterprise_software_development_kit 11.0
freebsd freebsd 8.4
slackware slackware_linux 12.1
isc bind 9.7.4
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.7.3
isc bind 9.8.0
fedoraproject fedora 19
mandriva business_server 1.0
freebsd freebsd 9.2
isc dnsco_bind 9.9.3
isc dnsco_bind 9.9.4
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.8.3
isc bind 9.8.4
isc bind 9.7.1
redhat enterprise_linux 6.0
isc bind 9.7.0
opensuse opensuse 11.4
slackware slackware_linux 13.37
freebsd freebsd 9.0
fedoraproject fedora 18
slackware slackware_linux 12.2
freebsd freebsd 9.1
CVE-2013-5661 LOW

Cache Poisoning issue exists in DNS Response Rate Limiting.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-290

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
nlnetlabs nsd 3.2.15
isc bind *
nic knot_resolver *
CVE-2013-6230 MEDIUM

The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264

Products Affected

Vendor Product Version
isc bind 9.8.6
isc bind 9.8.2
isc bind 9.8.3
isc bind 9.8.4
isc bind 9.9.4
isc bind 9.9.2
isc bind 9.9.3
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.6
isc bind 9.8.0
CVE-2014-0591 LOW

The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS query to an authoritative nameserver that uses the NSEC3 signing feature.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119

Products Affected

Vendor Product Version
isc bind 9.8.6
isc bind 9.7.7
isc bind 9.7.2
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.8.3
isc bind 9.7.6
isc bind 9.6.1
isc bind 9.8.4
isc bind 9.9.4
isc bind 9.7.1
isc bind 9.7.0
isc bind 9.6.0
isc bind 9.8.1
isc bind 9.6.2
isc bind 9.6.3
isc bind 9.7.4
isc bind 9.8.5
isc bind 9.6
isc bind 9.7.3
isc bind 9.8.0
CVE-2014-3214 MEDIUM

The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.10.0
CVE-2014-3859 MEDIUM

libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.10.0
CVE-2014-8500 HIGH

ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.2.2
isc bind 9.9.2
isc bind 9.5.0
isc bind 9.9.3
isc bind 9.9.5
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.2.6
isc bind 9.5
isc bind 9.8.2
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.9.4
isc bind 9.9.6
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.8.6
isc bind 9.4.3
isc bind 9.7.7
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.10.0
isc bind 9.8.3
isc bind 9.2
isc bind 9.8.4
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2014-8680 MEDIUM

The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20, CWE-284

Products Affected

Vendor Product Version
isc bind 9.10.0
isc bind 9.10.1
CVE-2015-1349 MEDIUM

named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
isc bind 9.8.6
isc bind 9.7.7
isc bind 9.9.7
isc bind 9.7.2
isc bind 9.7.6
isc bind 9.10.1
isc bind 9.9.2
isc bind 9.9.3
isc bind 9.9.5
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.7.4
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.8.3
isc bind 9.8.4
isc bind 9.9.4
isc bind 9.9.6
isc bind 9.7.1
isc bind 9.7.0
CVE-2015-4620 HIGH

name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-17

Products Affected

Vendor Product Version
isc bind 9.8.6
isc bind 9.7.7
isc bind 9.9.7
isc bind 9.7.2
isc bind 9.7.6
isc bind 9.10.1
isc bind 9.9.2
isc bind 9.9.3
isc bind 9.9.5
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.7.4
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.8.2
isc bind 9.7.5
isc bind 9.8.3
isc bind 9.8.4
isc bind 9.9.4
isc bind 9.9.6
isc bind 9.7.1
isc bind 9.7.0
CVE-2015-5477 HIGH

named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-19

Products Affected

Vendor Product Version
isc bind *
CVE-2015-5722 HIGH

buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
apple mac_os_x_server 5.0.15
isc bind *
CVE-2015-5986 HIGH

openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
apple mac_os_x_server 5.0.15
isc bind *
CVE-2015-8000 MEDIUM

db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
oracle solaris 10
oracle solaris 11.3
isc bind 9.4.1
isc bind 8.4.7
isc bind 9.6.1
isc bind 9.3
isc bind 9.2.2
isc bind 9.9.2
isc bind 9.5.0
isc bind 9.9.3
isc bind 9.9.5
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.8.2
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.9.4
isc bind 9.9.6
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.8.6
isc bind 9.4.3
isc bind 9.7.7
isc bind 9.4.2
isc bind 9.9.7
isc bind 9.7.2
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
oracle vm_server 3.2
isc bind 9.10.0
oracle linux 6
isc bind 9.10.2
isc bind 9.8.3
isc bind 9.9.8
oracle linux 7
oracle linux 5.0
isc bind 9.2
isc bind 9.8.4
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2015-8373 HIGH

The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packet.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc kea 0.9.2
isc kea 1.0.0
CVE-2015-8461 HIGH

Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 8.4.7
isc bind 9.6.1
isc bind 9.3
isc bind 9.2.2
isc bind 9.9.2
isc bind 9.5.0
isc bind 9.9.3
isc bind 9.9.5
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.8.5
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.8.2
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.9.4
isc bind 9.9.6
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.8.6
isc bind 9.4.3
isc bind 9.7.7
isc bind 9.4.2
isc bind 9.9.7
isc bind 9.7.2
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.8.3
isc bind 9.9.8
isc bind 9.2
isc bind 9.8.4
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2015-8605 MEDIUM

ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 4.3.3
isc dhcp 4.2.1
isc dhcp 4.0.3
isc dhcp 4.3.2
debian debian_linux 7.0
isc dhcp 4.2.4
isc dhcp 4.1-esv
isc dhcp 4.2.5
isc dhcp 4.2.6
isc dhcp 4.3.1
debian debian_linux 8.0
canonical ubuntu_linux 14.04
isc dhcp 4.2.2
isc dhcp 4.2.0
isc dhcp 4.2.8
canonical ubuntu_linux 12.04
isc dhcp 4.2.3
isc dhcp 4.0.2
canonical ubuntu_linux 15.04
isc dhcp 4.1.2
isc dhcp 4.1.1
isc dhcp 4.3.0
isc dhcp 4.2.7
isc dhcp 4.0.1
debian debian_linux 9.0
canonical ubuntu_linux 15.10
sophos unified_threat_management_up2date *
isc dhcp 4.0.0
isc dhcp 4.1.0
CVE-2015-8704 MEDIUM

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.2.4
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.3
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.1.1
isc bind 9.6
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.5
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.10.2
isc bind 9.5.2
isc bind 9.0
isc bind 9.2.3
isc bind 9.9.8
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.2.7
isc bind 9.4.0
isc bind 9.1.3
CVE-2015-8705 MEDIUM

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.4.3
isc bind 9.4.1
isc bind 9.4.2
isc bind 9.2.4
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.3
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.2.1
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.1.1
isc bind 9.6
isc bind 9.2.6
isc bind 9.3.3
isc bind 9.5
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.10.2
isc bind 9.5.2
isc bind 9.0
isc bind 9.2.3
isc bind 9.9.8
isc bind 9.2
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.2.7
isc bind 9.4.0
isc bind 9.1.3
CVE-2016-1284 LOW

rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via crafted flag values in a query.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.9.8
CVE-2016-1285 MEDIUM

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H 2.2 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
suse manager 2.1
suse linux_enterprise_debuginfo 11
suse linux_enterprise_software_development_kit 11
juniper junos 12.1x46
debian debian_linux 7.0
juniper junos 12.1x46-d10
juniper junos 12.1x46-d76
suse linux_enterprise_server 11
opensuse opensuse 13.1
debian debian_linux 8.0
juniper junos 18.2
isc bind 9.10.3
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
juniper junos 17.3
suse openstack_cloud 5
fedoraproject fedora 24
juniper junos 12.3x48
suse linux_enterprise_desktop 12
canonical ubuntu_linux 12.04
suse linux_enterprise_server 12
juniper junos 15.1x49
juniper junos 18.4
fedoraproject fedora 23
fedoraproject fedora 22
isc bind *
isc bind 9.9.8
juniper junos 18.3
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 11
opensuse opensuse 11.4
debian debian_linux 9.0
canonical ubuntu_linux 15.10
suse manager_proxy 2.1
opensuse leap 42.1
juniper junos 17.4
juniper junos 18.1
CVE-2016-1286 MEDIUM

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
suse manager 2.1
suse linux_enterprise_debuginfo 11
suse linux_enterprise_software_development_kit 11
juniper junos 12.1x46
debian debian_linux 7.0
juniper junos 12.1x46-d10
juniper junos 12.1x46-d76
suse linux_enterprise_server 11
opensuse opensuse 13.1
debian debian_linux 8.0
juniper junos 18.2
isc bind 9.10.3
canonical ubuntu_linux 14.04
opensuse opensuse 13.2
juniper junos 17.3
suse openstack_cloud 5
fedoraproject fedora 24
juniper junos 12.3x48
suse linux_enterprise_desktop 12
canonical ubuntu_linux 12.04
suse linux_enterprise_server 12
juniper junos 15.1x49
juniper junos 18.4
fedoraproject fedora 23
fedoraproject fedora 22
isc bind *
isc bind 9.9.8
juniper junos 18.3
suse linux_enterprise_software_development_kit 12
suse linux_enterprise_desktop 11
opensuse opensuse 11.4
debian debian_linux 9.0
canonical ubuntu_linux 15.10
suse manager_proxy 2.1
opensuse leap 42.1
juniper junos 17.4
juniper junos 18.1
CVE-2016-2088 MEDIUM

resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.10.0
isc bind 9.10.2
isc bind 9.10.3
isc bind 9.10.1
CVE-2016-2774 HIGH

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc dhcp 4.3.3
isc dhcp 4.2.3
isc dhcp 4.2.1
isc dhcp 4.1.2
isc dhcp 4.3.2
isc dhcp 4.2.4
isc dhcp 4.1.1
isc dhcp 4.3.0
isc dhcp 4.2.7
isc dhcp 4.1-esv
isc dhcp 4.2.5
isc dhcp 4.2.6
isc dhcp 4.3.1
debian debian_linux 8.0
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
isc dhcp 4.1.0
isc dhcp 4.2.2
canonical ubuntu_linux 16.04
isc dhcp 4.2.0
isc dhcp 4.2.8
CVE-2016-2775 MEDIUM

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.7
hp hp-ux b.11.31
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
isc bind 9.9.9
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server 6.0
isc bind 9.11.0
fedoraproject fedora 24
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.4
redhat enterprise_linux_eus 7.3
fedoraproject fedora 23
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.7
CVE-2016-2776 HIGH

buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20

Products Affected

Vendor Product Version
oracle vm_server 3.2
oracle solaris 11.3
isc bind 9.10.0
isc bind 9.10.4
oracle linux 6
isc bind 9.10.2
oracle solaris 10.0
isc bind *
oracle linux 7
oracle vm_server 3.4
isc bind 9.10.1
oracle linux 5.0
oracle vm_server 3.3
isc bind 9.10.3
isc bind 9.11.0
hp hp-ux 11.31
CVE-2016-2848 MEDIUM

ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.2.2
isc bind 9.9.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.9.1
isc bind 9.1.1
isc bind 9.9.0
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.8.2
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.7.7
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.8.3
isc bind 9.2
isc bind 9.8.4
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2016-6170 MEDIUM

ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
redhat enterprise_linux 5.0
redhat enterprise_linux 7.0
isc bind 9.10.4
isc bind *
isc bind 9.11.0
isc bind 9.9.9
CVE-2016-8864 MEDIUM

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 6.5
isc bind 9.9.9
redhat enterprise_linux_eus 7.6
netapp solidfire -
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server 6.0
isc bind 9.11.0
redhat enterprise_linux_eus 6.7
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.4
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server 5.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_desktop 5.0
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.4
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_workstation 5.0
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.7
CVE-2016-9131 MEDIUM

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_tus 7.6
isc bind 9.9.9
redhat enterprise_linux_eus 7.6
netapp hci_management_node -
netapp solidfire -
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.2
isc bind 9.11.0
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.4
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_eus 7.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_workstation 7.0
netapp steelstore_cloud_integrated_storage -
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_server_aus 7.7
CVE-2016-9147 MEDIUM

named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a response containing an inconsistency among the DNSSEC-related RRsets.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.10.4
isc bind 9.11.0
isc bind 9.9.9
CVE-2016-9444 MEDIUM

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
isc bind 9.4.1
isc bind 9.3.6
isc bind 9.3.5
isc bind 9.9.9
isc bind 9.6.1
isc bind 9.2.8
isc bind 9.3
isc bind 9.0.0
isc bind 9.2.2
isc bind 9.5.0
isc bind 9.3.1
isc bind 9.3.2
isc bind 9.8.1
isc bind 9.1.1
isc bind 9.11.0
isc bind 9.6
isc bind 9.2.6
isc bind 9.5
isc bind 9.5.2
isc bind 9.7.5
isc bind 9.1.0
isc bind 9.2.9
isc bind 9.0
isc bind 9.2.3
isc bind 9.4
isc bind 9.1
isc bind 9.2.0
isc bind 9.1.3
isc bind 9.6.0
isc bind 9.4.3
isc bind 9.7.7
isc bind 9.4.2
isc bind 9.7.2
isc bind 9.3.4
isc bind 9.2.4
isc bind 9.7.6
isc bind 9.2.5
isc bind 9.10.1
isc bind 9.0.1
isc bind 9.1.2
isc bind 9.2.1
isc bind 9.3.0
isc bind 9.10.3
isc bind 9.7.4
isc bind 9.7.3
isc bind 9.8.0
isc bind 9.3.3
isc bind 9.5.3
isc bind 9.5.1
isc bind 9.10.0
isc bind 9.10.4
isc bind 9.10.2
isc bind 9.9.8
isc bind 9.2
isc bind 9.7.1
isc bind 9.2.7
isc bind 9.7.0
isc bind 9.4.0
isc bind 9.6.2
isc bind 9.6.3
CVE-2016-9778 MEDIUM

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the "nxdomain-redirect" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type "redirect" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-388

Products Affected

Vendor Product Version
netapp data_ontap_edge -
netapp solidfire_element_os_management_node -
isc bind 9.11.0
isc bind 9.9.9
isc bind 9.9.8
CVE-2017-3135 MEDIUM

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
isc bind 9.9.9
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
isc bind 9.9.3
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_eus 7.5
isc bind 9.11.0
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
isc bind 9.9.10
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.0
isc bind 9.10.4
isc bind 9.11.1
redhat enterprise_linux_desktop 7.0
isc bind 9.9.8
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
netapp element_software_management_node -
isc bind 9.10.5
CVE-2017-3136 MEDIUM

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
netapp oncommand_balance -
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
isc bind 9.9.3
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server 6.0
isc bind 9.9.0
redhat enterprise_linux_server_eus 7.5
isc bind 9.11.0
redhat enterprise_linux_server_eus 7.3
isc bind 9.8.0
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
isc bind 9.9.10
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.4
isc bind 9.11.1
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_server_aus 7.4
isc bind 9.10.5
netapp element_software -
CVE-2017-3137 MEDIUM

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lead to a situation in which named would exit with an assertion failure when processing a response in which records occurred in an unusual order. Affects BIND 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_server_eus 7.2
netapp oncommand_balance -
isc bind 9.9.9
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
isc bind 9.11.0
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
isc bind 9.9.10
redhat enterprise_linux_server_aus 7.3
isc bind 9.10.4
isc bind 9.11.1
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 7.2
isc bind 9.10.5
netapp element_software -
CVE-2017-3138 LOW

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9.

CVSS 2.0

Severity: LOW

Problem Type: CWE-617

Products Affected

Vendor Product Version
netapp data_ontap_edge -
isc bind 9.9.10
isc bind 9.10.4
debian debian_linux 8.0
isc bind 9.11.1
isc bind 9.11.0
isc bind 9.10.5
netapp oncommand_balance -
isc bind 9.9.9
netapp element_software -
CVE-2017-3140 MEDIUM

If named is configured to use Response Policy Zones (RPZ), an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400

Products Affected

Vendor Product Version
netapp data_ontap_edge -
isc bind 9.9.10
isc bind *
isc bind 9.10.5
netapp oncommand_balance -
netapp element_software -
CVE-2017-3141 HIGH

The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-428

Products Affected

Vendor Product Version
isc bind 9.3.2
isc bind *
isc bind 9.2.6
CVE-2017-3142 MEDIUM

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.6
isc bind 9.9.10
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.6
isc bind 9.11.1
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
isc bind 9.9.3
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
debian debian_linux 8.0
redhat enterprise_linux_server 6.0
isc bind 9.9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.3
isc bind 9.10.5
CVE-2017-3143 MEDIUM

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.6
isc bind 9.9.10
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_tus 7.6
isc bind 9.11.1
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_workstation 7.0
isc bind 9.9.3
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
debian debian_linux 8.0
redhat enterprise_linux_server 6.0
isc bind 9.9.0
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.3
isc bind 9.10.5
CVE-2017-3144 MEDIUM

A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 7.6
isc dhcp *
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
isc dhcp 4.1-esv
redhat enterprise_linux_server_tus 7.4
debian debian_linux 8.0
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_eus 7.5
isc dhcp 4.1.0
canonical ubuntu_linux 16.04
CVE-2017-3145 MEDIUM

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416

Products Affected

Vendor Product Version
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_eus 7.4
juniper junos 12.1x46-d76
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_eus 6.7
redhat enterprise_linux_workstation 7.0
isc bind 9.9.3
redhat enterprise_linux_server 7.0
debian debian_linux 8.0
redhat enterprise_linux_server_tus 7.2
juniper junos 12.3x48-d70
isc bind 9.12.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
isc bind 9.9.11
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.6
netapp data_ontap_edge -
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_desktop 7.0
isc bind *
juniper junos 18.1r2
redhat enterprise_linux_server_aus 6.5
juniper junos 15.1x49-d140
juniper junos 17.4r2
redhat enterprise_linux_server_aus 6.6
juniper junos 18.2r1
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 6.4
redhat enterprise_linux_server_aus 7.2
isc bind 9.10.6
isc bind 9.10.5
CVE-2018-5732 MEDIUM

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119

Products Affected

Vendor Product Version
isc dhcp 4.1-esv
isc dhcp *
isc dhcp 4.1.2
isc dhcp 4.4.0
CVE-2018-5733 MEDIUM

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.6
isc dhcp *
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_workstation 6.0
debian debian_linux 7.0
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
redhat enterprise_linux_server_aus 7.4
isc dhcp 4.1-esv
debian debian_linux 8.0
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
isc dhcp 4.1.0
canonical ubuntu_linux 16.04
isc dhcp 4.4.0
CVE-2018-5734 MEDIUM

While handling a particular type of malformed packet, BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617

Products Affected

Vendor Product Version
netapp data_ontap_edge -
netapp solidfire_element_os_management_node -
isc bind 9.10.6
isc bind 9.10.5
CVE-2018-5736 LOW

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to cause a vulnerable server to initiate zone transfers (for example: by sending valid NOTIFY messages), causing the named process to exit after failing the assertion test. Affects BIND 9.12.0 and 9.12.1.

CVSS 2.0

Severity: LOW

Problem Type: CWE-617, NVD-CWE-noinfo

Products Affected

Vendor Product Version
netapp data_ontap_edge -
isc bind 9.12.0
netapp cloud_backup -
isc bind 9.12.1
CVE-2018-5737 MEDIUM

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some cases cause undesirable behavior from named, such as a recursion loop or excessive logging. Deliberate exploitation of this condition could cause operational problems depending on the particular manifestation -- either degradation or denial of service. Affects BIND 9.12.0 and 9.12.1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
netapp data_ontap_edge -
isc bind 9.12.0
netapp cloud_backup -
isc bind 9.12.1
CVE-2018-5738 MEDIUM

Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not specified a value for the "allow-recursion" setting, it SHOULD default to one of the following: none, if "recursion no;" is set in named.conf; a value inherited from the "allow-query-cache" or "allow-query" settings IF "recursion yes;" (the default for that setting) AND match lists are explicitly set for "allow-query-cache" or "allow-query" (see the BIND9 Administrative Reference Manual section 6.2 for more details); or the intended default of "allow-recursion {localhost; localnets;};" if "recursion yes;" is in effect and no values are explicitly set for "allow-query-cache" or "allow-query". However, because of the regression introduced by change #4777, it is possible when "recursion yes;" is in effect and no match list values are provided for "allow-query-cache" or "allow-query" for the setting of "allow-recursion" to inherit a setting of all hosts from the "allow-query" setting default, improperly permitting recursion to all clients. Affects BIND 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from BIND 9 Supported Preview Edition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
isc bind 9.9.12
canonical ubuntu_linux 18.04
isc bind 9.10.7
isc bind 9.12.0
isc bind 9.11.3
isc bind 9.13.0
isc bind 9.12.1
CVE-2018-5739 MEDIUM

An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
isc kea 1.4.0
CVE-2018-5740 MEDIUM

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.6
netapp data_ontap_edge -
canonical ubuntu_linux 12.04
opensuse leap 42.3
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
isc bind *
redhat enterprise_linux_workstation 6.0
hp hp-ux -
opensuse leap 15.1
redhat enterprise_linux_workstation 7.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server 7.0
debian debian_linux 9.0
debian debian_linux 8.0
opensuse leap 15.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_eus 7.5
canonical ubuntu_linux 16.04
CVE-2018-5741 MEDIUM

To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used when sending the update request. Unfortunately, some rule types were not initially documented, and when documentation for them was added to the Administrator Reference Manual (ARM) in change #3112, the language that was added to the ARM at that time incorrectly described the behavior of two rule types, krb5-subdomain and ms-subdomain. This incorrect documentation could mislead operators into believing that policies they had configured were more restrictive than they actually were. This affects BIND versions prior to BIND 9.11.5 and BIND 9.12.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
isc bind *
CVE-2018-5742 MEDIUM

While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind *
CVE-2018-5743 MEDIUM

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contained an error which could be exploited to grow the number of simultaneous connections beyond this limit. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.6, 9.12.0 -> 9.12.4, 9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 -> 9.11.5-S3, and 9.11.5-S5. Versions 9.13.0 -> 9.13.7 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5743.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
f5 big-ip_domain_name_system 15.0.0
isc bind 9.14.0
f5 big-ip_edge_gateway *
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_link_controller *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_application_security_manager *
f5 big-ip_local_traffic_manager *
isc bind 9.11.5
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_global_traffic_manager 15.0.0
isc bind 9.9.3
f5 big-ip_link_controller 15.0.0
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_analytics 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_webaccelerator 15.0.0
isc bind *
f5 big-iq_centralized_management *
f5 big-ip_analytics *
f5 iworkflow 2.3.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_global_traffic_manager *
f5 enterprise_manager 3.1.1
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_fraud_protection_service *
f5 big-ip_policy_enforcement_manager 15.0.0
isc bind 9.10.8
f5 big-ip_application_acceleration_manager *
CVE-2018-5744 MEDIUM

A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
isc bind 9.11.5
isc bind 9.12.3
isc bind 9.10.7
isc bind *
isc bind 9.10.8
CVE-2018-5745 LOW

"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit due to an assertion failure if, during key rollover, a trust anchor's keys are replaced with keys which use an unsupported algorithm. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2018-5745.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
isc bind 9.11.5
isc bind 9.9.3
isc bind 9.12.3
isc bind 9.10.7
isc bind *
isc bind 9.10.8
CVE-2019-6465 MEDIUM

Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable. Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. Versions prior to BIND 9.9.0 have not been evaluated for vulnerability to CVE-2019-6465.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
isc bind 9.11.5
isc bind 9.9.3
isc bind 9.12.3
isc bind *
redhat enterprise_linux 8.0
isc bind 9.10.8
CVE-2019-6467 MEDIUM

A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-redirect is a descendant of a zone that is served locally. The most likely scenario where this might occur is if the server, in addition to performing NXDOMAIN redirection for recursive clients, is also serving a local copy of the root zone or using mirroring to provide the root zone, although other configurations are also possible. Versions affected: BIND 9.12.0 -> 9.12.4, 9.14.0. Also affects all releases in the 9.13 development branch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.14.0
isc bind *
CVE-2019-6468 MEDIUM

In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure. Versions affected: BIND Supported Preview Edition version 9.10.5-S1 -> 9.11.5-S5. ONLY BIND Supported Preview Edition releases are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.11.5
isc bind 9.10.5
CVE-2019-6469 MEDIUM

An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.10.5
isc bind 9.11.6
CVE-2019-6470 MEDIUM

There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
opensuse leap 15.1
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux_server 7.0
opensuse leap 15.0
isc dhcpd *
redhat enterprise_linux_desktop 7.0
isc bind *
CVE-2019-6471 MEDIUM

A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-617,

Products Affected

Vendor Product Version
f5 big-ip_edge_gateway 14.1.0
f5 big-ip_domain_name_system 15.0.0
f5 big-ip_access_policy_manager 14.0.0
f5 big-ip_edge_gateway 14.0.0
f5 big-ip_link_controller *
f5 big-ip_policy_enforcement_manager 14.0.0
f5 big-ip_edge_gateway 15.0.0
f5 big-ip_local_traffic_manager *
f5 big-ip_global_traffic_manager 9.2.2
f5 big-ip_domain_name_system 14.1.0
f5 big-ip_global_traffic_manager 15.0.0
f5 big-ip_fraud_protection_service 15.0.0
f5 big-ip_analytics 15.0.0
f5 big-ip_webaccelerator 14.1.0
isc bind 9.11.7
f5 big-ip_analytics 14.1.0
f5 big-ip_fraud_protection_service 14.1.0
f5 big-ip_policy_enforcement_manager 9.2.2
isc bind 9.12.4
f5 big-ip_local_traffic_manager 14.0.0
f5 big-iq_centralized_management *
f5 big-ip_domain_name_system 14.0.0
f5 big-ip_domain_name_system 9.2.2
f5 big-ip_analytics *
f5 big-ip_policy_enforcement_manager 14.1.0
f5 big-ip_policy_enforcement_manager *
f5 big-ip_access_policy_manager 15.0.0
f5 big-ip_application_security_manager 14.1.0
f5 big-ip_webaccelerator *
f5 big-ip_application_acceleration_manager 14.0.0
f5 big-ip_fraud_protection_service *
isc bind 9.11.3
f5 big-ip_application_security_manager 14.0.0
f5 big-ip_policy_enforcement_manager 15.0.0
f5 big-ip_access_policy_manager 14.1.0
f5 big-ip_application_acceleration_manager *
f5 big-ip_analytics 14.0.0
f5 big-ip_edge_gateway *
f5 big-ip_advanced_firewall_manager 15.0.0
f5 big-ip_access_policy_manager *
f5 big-ip_domain_name_system *
f5 big-ip_application_security_manager *
f5 big-ip_link_controller 14.1.0
f5 big-ip_global_traffic_manager 14.1.0
f5 big-ip_application_security_manager 15.0.0
f5 big-ip_link_controller 9.2.2
f5 big-ip_link_controller 15.0.0
f5 big-ip_local_traffic_manager 15.0.0
f5 big-ip_advanced_firewall_manager *
f5 big-ip_webaccelerator 15.0.0
f5 big-ip_fraud_protection_service 14.0.0
f5 big-ip_local_traffic_manager 14.1.0
f5 big-ip_advanced_firewall_manager 14.0.0
isc bind *
f5 big-ip_advanced_firewall_manager 14.1.0
f5 iworkflow 2.3.0
f5 big-ip_global_traffic_manager *
f5 enterprise_manager 3.1.1
f5 big-ip_webaccelerator 9.2.2
f5 big-ip_application_acceleration_manager 15.0.0
f5 big-ip_webaccelerator 14.0.0
f5 big-ip_application_acceleration_manager 14.1.0
f5 big-ip_link_controller 14.0.0
f5 big-ip_global_traffic_manager 14.0.0
CVE-2019-6472 LOW

A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc kea 1.6.0
isc kea *
CVE-2019-6474 MEDIUM

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security-officer@isc.org 5.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.1 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
isc kea 1.6.0
isc kea *
CVE-2019-6475 MEDIUM

Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
isc bind *
CVE-2019-6476 MEDIUM

A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind *
CVE-2019-6477 MEDIUM

With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
isc bind 9.11.5
isc bind 9.11.12
fedoraproject fedora 31
isc bind 9.12.4
isc bind *
fedoraproject fedora 30
isc bind 9.11.6
CVE-2020-8616 MEDIUM

A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: the performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and the attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0
nvd@nist.gov 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
isc bind 9.12.4
isc bind *
isc bind 9.11.8
debian debian_linux 10.0
isc bind 9.11.6
isc bind 9.11.5
isc bind 9.9.3
debian debian_linux 9.0
isc bind 9.10.7
isc bind 9.11.3
isc bind 9.10.5
isc bind 9.11.7
CVE-2020-8617 MEDIUM

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
fedoraproject fedora 31
isc bind 9.12.4
isc bind *
isc bind 9.11.8
fedoraproject fedora 32
canonical ubuntu_linux 19.10
debian debian_linux 10.0
isc bind 9.11.6
isc bind 9.11.5
opensuse leap 15.1
canonical ubuntu_linux 18.04
isc bind 9.9.3
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 14.04
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind 9.10.7
isc bind 9.11.3
isc bind 9.10.5
canonical ubuntu_linux 16.04
isc bind 9.11.7
CVE-2020-8618 MEDIUM

An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security-officer@isc.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
opensuse leap 15.1
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind *
CVE-2020-8619 MEDIUM

In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6
security-officer@isc.org 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
opensuse leap 15.1
netapp steelstore_cloud_integrated_storage -
fedoraproject fedora 31
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind *
fedoraproject fedora 32
debian debian_linux 10.0
CVE-2020-8620 MEDIUM

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, an attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.9.12
canonical ubuntu_linux 12.04
opensuse leap 15.1
isc bind 9.11.21
canonical ubuntu_linux 18.04
isc bind 9.9.13
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.2
isc bind *
isc bind 9.11.3
canonical ubuntu_linux 16.04
CVE-2020-8621 MEDIUM

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, if a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
opensuse leap 15.1
canonical ubuntu_linux 18.04
netapp steelstore_cloud_integrated_storage -
synology dns_server *
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind *
canonical ubuntu_linux 16.04
CVE-2020-8622 MEDIUM

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
isc bind 9.11.21
fedoraproject fedora 31
isc bind *
fedoraproject fedora 32
debian debian_linux 10.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
isc bind 9.9.3
debian debian_linux 9.0
netapp steelstore_cloud_integrated_storage -
synology dns_server *
canonical ubuntu_linux 14.04
opensuse leap 15.2
canonical ubuntu_linux 20.04
canonical ubuntu_linux 16.04
oracle communications_diameter_signaling_router *
CVE-2020-8623 MEDIUM

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must:

* be running BIND that was built with "--enable-native-pkcs11"
* be signing one or more zones with an RSA key
* be able to receive queries from a possible attacker

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.11.21
fedoraproject fedora 31
isc bind *
fedoraproject fedora 32
debian debian_linux 10.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
debian debian_linux 9.0
netapp steelstore_cloud_integrated_storage -
synology dns_server *
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind 9.10.5
canonical ubuntu_linux 16.04
CVE-2020-8624 MEDIUM

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, an attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
isc bind 9.9.12
isc bind 9.11.21
fedoraproject fedora 31
isc bind *
fedoraproject fedora 32
debian debian_linux 10.0
opensuse leap 15.1
canonical ubuntu_linux 18.04
isc bind 9.9.13
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.2
canonical ubuntu_linux 20.04
isc bind 9.11.3
canonical ubuntu_linux 16.04
CVE-2020-8625 MEDIUM

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9
security-officer@isc.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,

Products Affected

Vendor Product Version
netapp a250_firmware -
isc bind 9.17.0
fedoraproject fedora 33
netapp 500f_firmware -
isc bind 9.11.21
fedoraproject fedora 34
isc bind *
isc bind 9.11.8
fedoraproject fedora 32
isc bind 9.16.11
debian debian_linux 10.0
siemens sinec_infrastructure_network_services *
isc bind 9.11.6
isc bind 9.11.5
isc bind 9.16.8
isc bind 9.17.1
debian debian_linux 9.0
isc bind 9.11.27
netapp cloud_backup -
isc bind 9.11.3
isc bind 9.11.7
CVE-2021-25214 MEDIUM

In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6
security-officer@isc.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.9.12
fedoraproject fedora 33
netapp h500e_firmware -
isc bind 9.11.21
netapp h700e_firmware -
isc bind 9.16.13
isc bind 9.11.8
netapp aff_a250_firmware -
siemens sinec_infrastructure_network_services *
isc bind 9.11.6
isc bind 9.11.5
netapp h500s_firmware -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
isc bind 9.10.7
netapp cloud_backup -
netapp h700s_firmware -
isc bind 9.11.7
isc bind 9.11.29
fedoraproject fedora 34
isc bind *
isc bind 9.16.11
netapp h410s_firmware -
netapp aff_500f_firmware -
debian debian_linux 10.0
isc bind 9.16.8
debian debian_linux 9.0
isc bind 9.11.12
netapp h300s_firmware -
isc bind 9.9.13
isc bind 9.11.27
isc bind 9.11.3
isc bind 9.10.5
CVE-2021-25215 MEDIUM

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.9.12
netapp a250_firmware -
fedoraproject fedora 33
netapp h500e_firmware -
netapp 500f_firmware -
isc bind 9.11.21
netapp h700e_firmware -
isc bind 9.16.13
isc bind 9.11.8
siemens sinec_infrastructure_network_services *
isc bind 9.11.6
isc bind 9.11.5
netapp h500s_firmware -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
isc bind 9.10.7
netapp cloud_backup -
oracle tekelec_platform_distribution *
netapp h700s_firmware -
isc bind 9.11.7
isc bind 9.11.29
fedoraproject fedora 34
isc bind *
isc bind 9.16.11
netapp h410s_firmware -
debian debian_linux 10.0
isc bind 9.16.8
debian debian_linux 9.0
isc bind 9.11.12
netapp h300s_firmware -
isc bind 9.9.13
isc bind 9.11.27
isc bind 9.11.3
isc bind 9.10.5
CVE-2021-25216 MEDIUM

In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
security-officer@isc.org 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
isc bind 9.9.12
netapp h500e_firmware -
isc bind 9.11.21
netapp h700e_firmware -
isc bind 9.16.13
isc bind 9.11.8
netapp aff_a250_firmware -
siemens sinec_infrastructure_network_services *
isc bind 9.11.6
isc bind 9.11.5
netapp h500s_firmware -
netapp active_iq_unified_manager -
isc bind 9.9.3
netapp h300e_firmware -
isc bind 9.10.7
netapp cloud_backup -
netapp h700s_firmware -
isc bind 9.11.7
isc bind 9.11.29
isc bind *
isc bind 9.16.11
netapp h410s_firmware -
netapp aff_500f_firmware -
debian debian_linux 10.0
isc bind 9.16.8
debian debian_linux 9.0
isc bind 9.11.12
netapp h300s_firmware -
isc bind 9.9.13
isc bind 9.11.27
isc bind 9.11.3
isc bind 9.10.5
CVE-2021-25217 LOW

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to:

- the component being affected (i.e., dhclient or dhcpd)
- whether the package was built as a 32-bit or 64-bit binary
- whether the compiler flag -fstack-protection-strong was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:

- if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
- if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0
security-officer@isc.org 7.4 HIGH CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 2.8 4.0

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
siemens ruggedcom_rox_rx1524_firmware *
fedoraproject fedora 33
siemens ruggedcom_rox_rx1501_firmware *
netapp solidfire_&_hci_management_node -
isc dhcp *
siemens ruggedcom_rox_rx5000_firmware *
fedoraproject fedora 34
siemens ruggedcom_rox_rx1512_firmware *
siemens ruggedcom_rox_rx1511_firmware *
siemens ruggedcom_rox_mx5000_firmware *
siemens sinec_ins *
siemens ruggedcom_rox_rx1400_firmware *
netapp ontap_select_deploy_administration_utility -
siemens ruggedcom_rox_rx1500_firmware *
debian debian_linux 9.0
isc dhcp 4.1-esv
siemens ruggedcom_rox_rx1536_firmware *
siemens sinec_ins 1.0
siemens ruggedcom_rox_rx1510_firmware *
CVE-2021-25218 MEDIUM

In BIND 9.16.19 and 9.17.16, and also version 9.16.19-S1 of BIND Supported Preview Edition, when a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.16.19
fedoraproject fedora 34
isc bind 9.17.16
CVE-2021-25219 MEDIUM

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
isc bind 9.9.12
fedoraproject fedora 33
netapp h500e_firmware -
isc bind 9.11.21
netapp h700e_firmware -
isc bind 9.16.13
isc bind 9.11.8
siemens sinec_infrastructure_network_services *
isc bind 9.11.6
isc bind 9.11.5
netapp h500s_firmware -
isc bind 9.9.3
netapp h300e_firmware -
isc bind 9.10.7
netapp cloud_backup -
oracle zfs_storage_appliance_kit 8.8
netapp h700s_firmware -
isc bind 9.11.7
debian debian_linux 11.0
isc bind 9.11.29
fedoraproject fedora 34
isc bind *
isc bind 9.16.11
netapp h410s_firmware -
debian debian_linux 10.0
isc bind 9.11.35
isc bind 9.16.8
fedoraproject fedora 35
oracle http_server 12.2.1.3.0
debian debian_linux 9.0
isc bind 9.11.12
netapp h300s_firmware -
isc bind 9.9.13
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.11.3
oracle http_server 12.2.1.4.0
isc bind 9.10.5
netapp h410c_firmware -
CVE-2021-25220 MEDIUM

BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0. BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-444,

Products Affected

Vendor Product Version
netapp h500e_firmware -
netapp h700e_firmware -
juniper junos 19.4
fedoraproject fedora 36
netapp baseboard_management_controller_h500e_firmware -
netapp h500s_firmware -
siemens sinec_ins *
netapp baseboard_management_controller_h410c_firmware -
netapp baseboard_management_controller_h300e_firmware -
netapp baseboard_management_controller_h700e_firmware -
juniper junos 21.4
netapp baseboard_management_controller_h700s_firmware -
juniper junos 21.2
netapp h300e_firmware -
juniper junos 22.2
siemens sinec_ins 1.0
juniper junos *
juniper junos 22.1
netapp baseboard_management_controller_h300s_firmware -
netapp h700s_firmware -
juniper junos 21.1
juniper junos 20.4
fedoraproject fedora 34
isc bind *
juniper junos 20.3
netapp h410s_firmware -
netapp baseboard_management_controller_h410s_firmware -
netapp baseboard_management_controller_h500s_firmware -
fedoraproject fedora 35
netapp h300s_firmware -
juniper junos 21.3
juniper junos 20.2
netapp h410c_firmware -
juniper junos 19.3
CVE-2022-0396 MEDIUM

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-404,

Products Affected

Vendor Product Version
netapp h500e_firmware -
netapp h700e_firmware -
fedoraproject fedora 36
fedoraproject fedora 34
isc bind *
netapp h410s_firmware -
netapp baseboard_management_controller_h500e_firmware -
netapp baseboard_management_controller_h410s_firmware -
netapp h500s_firmware -
siemens sinec_ins *
netapp baseboard_management_controller_h500s_firmware -
netapp baseboard_management_controller_h410c_firmware -
netapp baseboard_management_controller_h300e_firmware -
netapp baseboard_management_controller_h700e_firmware -
fedoraproject fedora 35
netapp baseboard_management_controller_h700s_firmware -
netapp h300s_firmware -
netapp h300e_firmware -
siemens sinec_ins 1.0
netapp baseboard_management_controller_h300s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2022-0635 MEDIUM

Versions affected: BIND 9.18.0. When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.18.0
netapp h500s_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h300s_firmware -
netapp h300e_firmware -
netapp h410s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2022-0667 MEDIUM

When the vulnerability is triggered, the BIND process will exit. Affects BIND 9.18.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
isc bind 9.18.0
netapp h500s_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h300s_firmware -
netapp h300e_firmware -
netapp h410s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2022-1183 MEDIUM

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-617,

Products Affected

Vendor Product Version
netapp h500s_firmware -
isc bind 9.19.0
netapp h300s_firmware -
isc bind *
netapp h410s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
security-officer@isc.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
isc bind 9.9.12
isc bind 9.11.21
isc bind 9.16.13
fedoraproject fedora 36
isc bind 9.11.14-s1
isc bind 9.11.19-s1
isc bind 9.11.8
isc bind 9.11.6
isc bind 9.11.5
fedoraproject fedora 37
isc bind 9.9.3
isc bind 9.11.37
isc bind 9.10.7
isc bind 9.11.7
debian debian_linux 11.0
isc bind 9.11.29
isc bind *
isc bind 9.16.11
debian debian_linux 10.0
isc bind 9.16.32
isc bind 9.11.35
isc bind 9.16.8
fedoraproject fedora 35
isc bind 9.11.12
isc bind 9.9.13
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.11.3
isc bind 9.10.5
CVE-2022-2881

The underlying bug might cause a read past the end of the buffer, and either read memory it should not read or crash the process.

Products Affected

Vendor Product Version
isc bind *
CVE-2022-2906

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

Products Affected

Vendor Product Version
isc bind *
CVE-2022-2928

In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
isc dhcp 4.1-esv
fedoraproject fedora 36
isc dhcp *
debian debian_linux 10.0
CVE-2022-2929

In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
isc dhcp 4.1-esv
fedoraproject fedora 36
isc dhcp *
debian debian_linux 10.0
CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
fedoraproject fedora 36
isc bind 9.16.21
isc bind 9.16.14
isc bind *
isc bind 9.16.32
CVE-2022-3094

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.

Products Affected

Vendor Product Version
isc bind 9.16.8
isc bind 9.16.13
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.16.36
isc bind *
isc bind 9.16.11
isc bind 9.16.32
CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.

Products Affected

Vendor Product Version
isc bind 9.16.8
isc bind 9.11.37
isc bind 9.16.36
isc bind 9.11.4
CVE-2022-3736

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Products Affected

Vendor Product Version
isc bind 9.16.13
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.16.36
isc bind *
isc bind 9.16.11
isc bind 9.16.32
CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
isc bind 9.9.12
isc bind 9.11.21
isc bind 9.16.13
fedoraproject fedora 36
isc bind 9.11.14-s1
isc bind 9.11.19-s1
isc bind 9.11.8
isc bind 9.11.6
isc bind 9.11.5
fedoraproject fedora 37
netapp active_iq_unified_manager -
isc bind 9.9.3
isc bind 9.11.37
isc bind 9.10.7
isc bind 9.11.7
debian debian_linux 11.0
isc bind 9.11.29
isc bind *
isc bind 9.16.11
debian debian_linux 10.0
isc bind 9.16.32
isc bind 9.11.35
isc bind 9.16.8
fedoraproject fedora 35
isc bind 9.11.12
isc bind 9.9.13
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.11.3
isc bind 9.10.5
CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
isc bind 9.11.21
isc bind 9.16.13
fedoraproject fedora 36
isc bind 9.11.14-s1
isc bind 9.11.19-s1
isc bind 9.11.8
isc bind 9.11.6
isc bind 9.11.5
fedoraproject fedora 37
netapp active_iq_unified_manager -
isc bind 9.11.37
isc bind 9.11.7
debian debian_linux 11.0
isc bind 9.11.29
isc bind *
isc bind 9.16.11
isc bind 9.16.32
isc bind 9.11.35
isc bind 9.16.8
fedoraproject fedora 35
isc bind 9.11.12
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.11.3
CVE-2022-3924

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.

Products Affected

Vendor Product Version
isc bind 9.16.13
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.16.36
isc bind *
isc bind 9.16.32
isc bind 9.16.12
CVE-2023-2828

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
debian debian_linux 11.0
isc bind *
netapp h410s_firmware -
debian debian_linux 10.0
netapp h500s_firmware -
fedoraproject fedora 37
netapp active_iq_unified_manager -
netapp h300s_firmware -
debian debian_linux 12.0
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2023-2829

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netapp h500s_firmware -
netapp active_iq_unified_manager -
netapp h300s_firmware -
isc bind *
netapp h410s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2023-2911

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
netapp h500s_firmware -
fedoraproject fedora 37
netapp active_iq_unified_manager -
fedoraproject fedora 38
debian debian_linux 11.0
netapp h300s_firmware -
isc bind *
debian debian_linux 12.0
netapp h410s_firmware -
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2023-3341

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
isc bind 9.9.12
isc bind 9.11.21
isc bind 9.16.13
isc bind 9.11.8
isc bind 9.11.4
isc bind 9.11.6
isc bind 9.11.5
isc bind 9.16.43
fedoraproject fedora 37
isc bind 9.9.3
isc bind 9.11.37
isc bind 9.10.7
isc bind 9.11.7
isc bind 9.16.12
fedoraproject fedora 38
debian debian_linux 11.0
isc bind 9.18.18
isc bind 9.16.36
isc bind 9.11.29
isc bind *
isc bind 9.16.11
debian debian_linux 10.0
isc bind 9.16.32
isc bind 9.11.35
isc bind 9.16.8
isc bind 9.18.0
isc bind 9.11.12
isc bind 9.9.13
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.16.14
isc bind 9.11.3
isc bind 9.10.5
CVE-2023-4236

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
debian debian_linux 11.0
fedoraproject fedora 39
isc bind 9.18.18
isc bind *
netapp h410s_firmware -
debian debian_linux 10.0
netapp h500s_firmware -
fedoraproject fedora 37
netapp h300s_firmware -
isc bind 9.18.11
netapp h410c_firmware -
netapp h700s_firmware -
CVE-2023-4408

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
isc bind 9.16.13
isc bind 9.18.18
isc bind 9.16.36
isc bind *
isc bind 9.16.11
isc bind 9.16.32
isc bind 9.16.8
isc bind 9.18.0
isc bind 9.16.43
isc bind 9.9.3
isc bind 9.16.21
isc bind 9.16.14
netapp ontap 9.14.1
netapp ontap 9.15.1
isc bind 9.18.11
isc bind 9.16.12
CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Products Affected

Vendor Product Version
microsoft windows_server_2019 -
nlnetlabs unbound *
fedoraproject fedora 39
microsoft windows_server_2008 r2
isc bind *
redhat enterprise_linux 9.0
thekelleys dnsmasq *
redhat enterprise_linux 6.0
microsoft windows_server_2022_23h2 -
microsoft windows_server_2012 -
redhat enterprise_linux 7.0
microsoft windows_server_2022 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
nic knot_resolver *
powerdns recursor *
redhat enterprise_linux 8.0
CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Products Affected

Vendor Product Version
fedoraproject fedora 38
debian debian_linux 11.0
fedoraproject fedora 39
redhat enterprise_linux 8.4
isc bind *
debian debian_linux 10.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
netapp active_iq_unified_manager -
redhat enterprise_linux 8.2
netapp bootstrap_os -
netapp hci_baseboard_management_controller -
powerdns recursor *
redhat enterprise_linux 8.0
CVE-2023-5517

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:

- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.

This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
isc bind 9.16.45
isc bind 9.16.13
isc bind 9.18.18
isc bind 9.16.36
isc bind 9.18.21
isc bind *
isc bind 9.16.11
isc bind 9.16.32
isc bind 9.16.8
isc bind 9.16.43
netapp active_iq_unified_manager -
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.18.11
isc bind 9.16.12
CVE-2023-5679

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
fedoraproject fedora 38
fedoraproject fedora 39
isc bind 9.16.45
isc bind 9.16.13
isc bind 9.18.18
isc bind 9.16.36
isc bind 9.18.21
isc bind *
isc bind 9.16.32
isc bind 9.16.43
netapp active_iq_unified_manager -
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.18.11
isc bind 9.16.12
CVE-2023-5680

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
isc bind 9.11.21
isc bind 9.16.13
isc bind 9.11.8
isc bind 9.11.4
isc bind 9.11.6
isc bind 9.11.5
isc bind 9.16.43
netapp active_iq_unified_manager -
isc bind 9.11.37
isc bind 9.11.7
isc bind 9.16.12
isc bind 9.18.18
isc bind 9.16.36
isc bind 9.11.29
isc bind 9.18.21
isc bind 9.16.11
isc bind 9.16.32
isc bind 9.11.35
isc bind 9.16.8
isc bind 9.11.12
isc bind 9.16.21
isc bind 9.11.27
isc bind 9.16.14
isc bind 9.11.3
isc bind 9.18.11
CVE-2023-6516

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
isc bind 9.16.45
isc bind 9.16.13
isc bind 9.16.36
isc bind *
isc bind 9.16.11
isc bind 9.16.32
isc bind 9.16.8
isc bind 9.16.43
netapp active_iq_unified_manager -
isc bind 9.16.21
isc bind 9.16.14
isc bind 9.16.12
CVE-2024-28872

The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-officer@isc.org 8.9 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H 2.2 6.0

Products Affected

Vendor Product Version
isc stork *