ISC Latest Vulnerabilities
July 23
Stale Data and Assertion Failures in BIND 9 Versions
CVE-2024-4076
ISC | BIND 9 | 7.5 HIGH
Excessive CPU Usage for DNSSEC-Validated 'KEY' Resource Records in BIND 9
CVE-2024-1975
ISC | BIND 9 | 7.5 HIGH
Degraded Performance in BIND Due to Large DNS Caches
CVE-2024-1737
ISC | BIND 9 | 7.5 HIGH
DNS Server Unstable During Malicious DNS Message Flood
CVE-2024-0760
ISC | BIND 9 | 7.5 HIGH
July 11
Stork TLS Certificate Validation Code Flawed, Leading to Potential Data Loss and Denial of Service
CVE-2024-28872
ISC | Stork | 8.1 HIGH
February 13
Named Resolver May Experience Infinite Loop of Cache Maintenance
CVE-2023-6516
ISC | BIND 9 👾 | 7.5 HIGH
Large ECS Record Cache Impairs Query Performance
CVE-2023-5680
ISC | BIND 9 | 5.3 MEDIUM
BIND named Crashes with DNS64 and Serve-Stale Interaction
CVE-2023-5679
ISC | BIND 9 | 7.5 HIGH
Premature Exit and Assertion Failure in BIND 9 Due to Query-Handling Code Flaw
CVE-2023-5517
ISC | BIND 9 👾 | 7.5 HIGH
High CPU Load in DNS Message Parsing Code Affects BIND 9 Versions
CVE-2023-4408
ISC | BIND 9 | 7.5 HIGH
September 20
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
CVE-2023-3341
ISC | BIND 9 | 7.5 HIGH
named may terminate unexpectedly under high DNS-over-TLS query load
CVE-2023-4236
ISC | BIND 9 | 7.5 HIGH
June 21
Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0
CVE-2023-2911
ISC | BIND 9 👾 | 7.5 HIGH
named's configured cache size limit can be significantly exceeded
CVE-2023-2828
ISC | BIND 9 👾 | 7.5 HIGH
Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
CVE-2023-2829
ISC | BIND 9 👾 | 7.5 HIGH
January 26
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
CVE-2022-3736
ISC | BIND 9 👾 | 7.5 HIGH
An UPDATE message flood may cause named to exhaust all available memory
CVE-2022-3094
ISC | BIND 9 👾 | 7.5 HIGH
named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
CVE-2022-3488
ISC | BIND 9 👾 | 7.5 HIGH
January 25
named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
CVE-2022-3924
ISC | BIND 9 👾 | 7.5 HIGH
October 7
DHCP memory leak
CVE-2022-2929
ISC | ISC DHCP 👾 | 6.5 MEDIUM
An option refcount overflow exists in dhcpd
CVE-2022-2928
ISC | ISC DHCP 👾 | 6.5 MEDIUM
September 21
Buffer overread in statistics channel code
CVE-2022-2881
ISC | BIND 9 👾 | 5.5 MEDIUM
Memory leak in ECDSA DNSSEC verification code
CVE-2022-38177
ISC | BIND 9 👾 | 7.5 HIGH
BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly
CVE-2022-3080
ISC | BIND 9 👾 | 7.5 HIGH
Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)
CVE-2022-2906
ISC | BIND 9 👾 | 7.5 HIGH
Processing large delegations may severely degrade resolver performance
CVE-2022-2795
ISC | BIND 9 👾 | 5.3 MEDIUM
Memory leaks in EdDSA DNSSEC verification code
CVE-2022-38178
ISC | BIND 9 👾 | 7.5 HIGH
May 19
Destroying a TLS session early causes assertion failure
CVE-2022-1183
ISC | BIND 9 👾 | 7.5 HIGH
March 23
CVE-2022-0635
ISC | BIND | 7.5 HIGH
DoS from specifically crafted TCP packets
CVE-2022-0396
ISC | BIND | 5.3 MEDIUM
DNS forwarders - cache poisoning vulnerability
CVE-2021-25220
ISC | BIND | 6.8 MEDIUM
March 22
Assertion failure on delayed DS lookup
CVE-2022-0667
ISC | BIND | 7.5 HIGH
October 27
Lame cache can be abused to severely degrade resolver performance
CVE-2021-25219
ISC | BIND 9 👾 | 5.3 MEDIUM
August 18
A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use
CVE-2021-25218
ISC | BIND 9 👾 | 7.5 HIGH
May 26
A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient
CVE-2021-25217
ISC | ISC DHCP 👾 | 7.4 HIGH
April 29
An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself
CVE-2021-25215
ISC | BIND 9 👾 | 7.5 HIGH
A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
CVE-2021-25214
ISC | BIND 9 👾 | 6.5 MEDIUM
A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
CVE-2021-25216
ISC | BIND 9 👾 | 8.1 HIGH
February 17
A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack
CVE-2020-8625
ISC | BIND 9 | 8.1 HIGH
August 21
CVE-2020-8620
ISC | BIND 9 👾 | 7.5 HIGH
Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
CVE-2020-8621
ISC | BIND 9 👾 | 7.5 HIGH
A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
CVE-2020-8623
ISC | BIND 9 👾 | 7.5 HIGH
update-policy rules of type "subdomain" are enforced incorrectly
CVE-2020-8624
ISC | BIND 9 👾 | 4.3 MEDIUM
A truncated TSIG response can lead to an assertion failure
CVE-2020-8622
ISC | BIND 9 👾 | 6.5 MEDIUM
June 17
A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
CVE-2020-8619
ISC | BIND 9 | 4.9 MEDIUM
A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
CVE-2020-8618
ISC | BIND 9 | 4.9 MEDIUM
May 19
A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
CVE-2020-8617
ISC | BIND 9 👾 | 7.5 HIGH
BIND does not sufficiently limit the number of fetches performed when processing referrals
CVE-2020-8616
ISC | BIND 9 | 8.6 HIGH
November 20
TCP-pipelined queries can bypass tcp-clients limit
CVE-2019-6477
ISC | BIND 9 | 7.5 HIGH
November 5
CVE-2013-5661
ISC | BIND | 5.9 MEDIUM
October 16
A flaw in mirror zone validity checking can allow zone data to be spoofed
CVE-2019-6475
ISC | BIND 9 | 5.9 MEDIUM
An error in QNAME minimization code can cause BIND to exit with an assertion failure
CVE-2019-6476
ISC | BIND 9 | 5.9 MEDIUM
October 9
A specially crafted packet can cause named to leak memory
CVE-2018-5744
ISC | BIND 9 | 7.5 HIGH
An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
CVE-2018-5745
ISC | BIND 9 | 4.9 MEDIUM
Limiting simultaneous TCP clients was ineffective
CVE-2018-5743
ISC | BIND 9 | 7.5 HIGH
A specially constructed response from a malicious server can cause a buffer overflow in dhclient
CVE-2018-5732
ISC | ISC DHCP | 7.5 HIGH
August 28
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
CVE-2019-6473
ISC | Kea | 6.5 MEDIUM
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
CVE-2019-6472
ISC | Kea | 6.5 MEDIUM
A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate
CVE-2019-6474
ISC | Kea | 5.7 MEDIUM
June 19
A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
CVE-2019-6471
ISC | BIND 9 | 5.9 MEDIUM
May 29
BIND Supported Preview Edition can exit with an assertion failure if ECS is in use
CVE-2019-6469
ISC | BIND 9 Supported Previ... | 5.9 MEDIUM
April 24
BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used
CVE-2019-6468
ISC | BIND 9 Supported Previ... | 5.3 MEDIUM
An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c
CVE-2019-6467
ISC | BIND 9 👾 | 5.9 MEDIUM
February 21
Zone transfer controls for writable DLZ zones were not effective
CVE-2019-6465
ISC | BIND 9 | 5.3 MEDIUM
January 16
Failure to release memory may exhaust system resources
CVE-2018-5739
ISC | Kea DHCP | 6.5 MEDIUM
Windows service and uninstall paths are not quoted when BIND is installed
CVE-2017-3141
ISC | BIND 9 👾 | 7.2 HIGH
A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named
CVE-2018-5740
ISC | BIND 9 👾 | 7.5 HIGH
An error processing RPZ rules can cause named to loop endlessly after handling a query
CVE-2017-3140
ISC | BIND 9 | 3.7 LOW
Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation
CVE-2018-5741
ISC | BIND 9 | 6.5 MEDIUM
An error in TSIG authentication can permit unauthorized dynamic updates
CVE-2017-3143
ISC | BIND 9 👾 | 7.5 HIGH
Failure to properly clean up closed OMAPI connections can exhaust available sockets
CVE-2017-3144
ISC | ISC DHCP | 5.3 MEDIUM
named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
CVE-2017-3138
ISC | BIND 9 | 6.5 MEDIUM
An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3136
ISC | BIND 9 | 5.9 MEDIUM
An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c
CVE-2016-9778
ISC | BIND 9 | 7.5 HIGH
A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3137
ISC | BIND 9 | 7.5 HIGH
BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.
CVE-2018-5737
ISC | BIND 9 | 5.9 MEDIUM
Some versions of BIND can improperly permit recursive query service to unauthorized clients
CVE-2018-5738
ISC | BIND 9 👾 | 5.3 MEDIUM
A malicious client can overflow a reference counter in ISC dhcpd
CVE-2018-5733
ISC | ISC DHCP | 5.9 MEDIUM
A malformed request can trigger an assertion failure in badcache.c
CVE-2018-5734
ISC | BIND 9 | 7.5 HIGH
Improper fetch cleanup sequencing in the resolver can cause named to crash
CVE-2017-3145
ISC | BIND 9 | 7.5 HIGH
CVE-2018-5736
ISC | BIND | 5.3 MEDIUM
June 29
An error in TSIG authentication can permit unauthorized zone transfers
CVE-2017-3142
ISC | BIND 9 | 5.3 MEDIUM
February 8
Combination of DNS64 and RPZ Can Lead to Crash
CVE-2017-3135
ISC | BIND 9 | 7.5 HIGH
January 12
CVE-2016-9444
ISC | BIND | 7.5 HIGH
CVE-2016-9131
ISC | BIND | 7.5 HIGH
CVE-2016-9147
ISC | BIND | 7.5 HIGH
November 2
CVE-2016-8864
ISC | BIND | 7.5 HIGH
October 21
CVE-2016-2848
ISC | BIND | 7.5 HIGH
July 6
CVE-2016-6170
ISC | BIND | 6.5 MEDIUM
March 9
CVE-2016-1286
ISC | BIND | 8.6 HIGH
CVE-2016-2088
ISC | BIND | 6.8 MEDIUM
CVE-2016-1285
ISC | BIND | 6.8 MEDIUM
CVE-2016-2774
ISC | DHCP | 5.9 MEDIUM
February 4
CVE-2016-1284
ISC | BIND | 5.9 MEDIUM
January 20
CVE-2015-8705
ISC | BIND | 7 HIGH
CVE-2015-8704
ISC | BIND | 6.5 MEDIUM
December 22
CVE-2015-8373
ISC | Kea | 6.8 MEDIUM
December 16
CVE-2015-8461
ISC | BIND
September 5
CVE-2015-5722
ISC | BIND
CVE-2015-5986
ISC | BIND