ISC Latest Vulnerabilities

July 23

Stale Data and Assertion Failures in BIND 9 Versions

CVE-2024-4076
ISC | BIND 9 | 7.5 HIGH

Excessive CPU Usage for DNSSEC-Validated 'KEY' Resource Records in BIND 9

CVE-2024-1975
ISC | BIND 9 | 7.5 HIGH

Degraded Performance in BIND Due to Large DNS Caches

CVE-2024-1737
ISC | BIND 9 | 7.5 HIGH

DNS Server Unstable During Malicious DNS Message Flood

CVE-2024-0760
ISC | BIND 9 | 7.5 HIGH

July 11

Stork TLS Certificate Validation Code Flawed, Leading to Potential Data Loss and Denial of Service

CVE-2024-28872
ISC | Stork | 8.1 HIGH

February 13

Named Resolver May Experience Infinite Loop of Cache Maintenance

CVE-2023-6516
ISC | BIND 9 | 7.5 HIGH

Large ECS Record Cache Impairs Query Performance

CVE-2023-5680
ISC | BIND 9 | 5.3 MEDIUM

BIND named Crashes with DNS64 and Serve-Stale Interaction

CVE-2023-5679
ISC | BIND 9 | 7.5 HIGH

Premature Exit and Assertion Failure in BIND 9 Due to Query-Handling Code Flaw

CVE-2023-5517
ISC | BIND 9 | 7.5 HIGH

High CPU Load in DNS Message Parsing Code Affects BIND 9 Versions

CVE-2023-4408
ISC | BIND 9 | 7.5 HIGH

September 20

A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly

CVE-2023-3341
ISC | BIND 9 | 7.5 HIGH

named may terminate unexpectedly under high DNS-over-TLS query load

CVE-2023-4236
ISC | BIND 9 | 7.5 HIGH

June 21

Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0

CVE-2023-2911
ISC | BIND 9 | 7.5 HIGH

named's configured cache size limit can be significantly exceeded

CVE-2023-2828
ISC | BIND 9 | 7.5 HIGH

Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

CVE-2023-2829
ISC | BIND 9 | 7.5 HIGH

January 26

named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries

CVE-2022-3736
ISC | BIND 9 | 7.5 HIGH

An UPDATE message flood may cause named to exhaust all available memory

CVE-2022-3094
ISC | BIND 9 | 7.5 HIGH

named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries

CVE-2022-3488
ISC | BIND 9 | 7.5 HIGH

January 25

named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota

CVE-2022-3924
ISC | BIND 9 | 7.5 HIGH

October 7

DHCP memory leak

CVE-2022-2929
ISC | ISC DHCP | 6.5 MEDIUM

An option refcount overflow exists in dhcpd

CVE-2022-2928
ISC | ISC DHCP | 6.5 MEDIUM

September 21

Buffer overread in statistics channel code

CVE-2022-2881
ISC | BIND 9 | 5.5 MEDIUM

Memory leak in ECDSA DNSSEC verification code

CVE-2022-38177
ISC | BIND 9 | 7.5 HIGH

BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly

CVE-2022-3080
ISC | BIND 9 | 7.5 HIGH

Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)

CVE-2022-2906
ISC | BIND 9 | 7.5 HIGH

Processing large delegations may severely degrade resolver performance

CVE-2022-2795
ISC | BIND 9 | 5.3 MEDIUM

Memory leaks in EdDSA DNSSEC verification code

CVE-2022-38178
ISC | BIND 9 | 7.5 HIGH

May 19

Destroying a TLS session early causes assertion failure

CVE-2022-1183
ISC | BIND 9 | 7.5 HIGH

March 23

CVE-2022-0635
ISC | BIND | 7.5 HIGH

DoS from specifically crafted TCP packets

CVE-2022-0396
ISC | BIND | 5.3 MEDIUM

DNS forwarders - cache poisoning vulnerability

CVE-2021-25220
ISC | BIND | 6.8 MEDIUM

March 22

Assertion failure on delayed DS lookup

CVE-2022-0667
ISC | BIND | 7.5 HIGH

October 27

Lame cache can be abused to severely degrade resolver performance

CVE-2021-25219
ISC | BIND 9 | 5.3 MEDIUM

August 18

A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use

CVE-2021-25218
ISC | BIND 9 | 7.5 HIGH

May 26

A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient

CVE-2021-25217
ISC | ISC DHCP | 7.4 HIGH

April 29

An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself

CVE-2021-25215
ISC | BIND 9 | 7.5 HIGH

A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly

CVE-2021-25214
ISC | BIND 9 | 6.5 MEDIUM

A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack

CVE-2021-25216
ISC | BIND 9 | 8.1 HIGH

February 17

A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack

CVE-2020-8625
ISC | BIND 9 | 8.1 HIGH

August 21

CVE-2020-8620
ISC | BIND 9 | 7.5 HIGH

Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c

CVE-2020-8621
ISC | BIND 9 | 7.5 HIGH

A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

CVE-2020-8623
ISC | BIND 9 | 7.5 HIGH

update-policy rules of type "subdomain" are enforced incorrectly

CVE-2020-8624
ISC | BIND 9 | 4.3 MEDIUM

A truncated TSIG response can lead to an assertion failure

CVE-2020-8622
ISC | BIND 9 | 6.5 MEDIUM

June 17

A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

CVE-2020-8619
ISC | BIND 9 | 4.9 MEDIUM

A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer

CVE-2020-8618
ISC | BIND 9 | 4.9 MEDIUM

May 19

A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c

CVE-2020-8617
ISC | BIND 9 | 7.5 HIGH

BIND does not sufficiently limit the number of fetches performed when processing referrals

CVE-2020-8616
ISC | BIND 9 | 8.6 HIGH

November 20

TCP-pipelined queries can bypass tcp-clients limit

CVE-2019-6477
ISC | BIND 9 | 7.5 HIGH

November 5

CVE-2013-5661
ISC | BIND | 5.9 MEDIUM

October 16

A flaw in mirror zone validity checking can allow zone data to be spoofed

CVE-2019-6475
ISC | BIND 9 | 5.9 MEDIUM

An error in QNAME minimization code can cause BIND to exit with an assertion failure

CVE-2019-6476
ISC | BIND 9 | 5.9 MEDIUM

October 9

A specially crafted packet can cause named to leak memory

CVE-2018-5744
ISC | BIND 9 | 7.5 HIGH

An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

CVE-2018-5745
ISC | BIND 9 | 4.9 MEDIUM

Limiting simultaneous TCP clients was ineffective

CVE-2018-5743
ISC | BIND 9 | 7.5 HIGH

A specially constructed response from a malicious server can cause a buffer overflow in dhclient

CVE-2018-5732
ISC | ISC DHCP | 7.5 HIGH

August 28

A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

CVE-2019-6473
ISC | Kea | 6.5 MEDIUM

A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

CVE-2019-6472
ISC | Kea | 6.5 MEDIUM

A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

CVE-2019-6474
ISC | Kea | 5.7 MEDIUM

June 19

A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

CVE-2019-6471
ISC | BIND 9 | 5.9 MEDIUM

May 29

BIND Supported Preview Edition can exit with an assertion failure if ECS is in use

CVE-2019-6469
ISC | BIND 9 Supported Previ... | 5.9 MEDIUM

April 24

BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used

CVE-2019-6468
ISC | BIND 9 Supported Previ... | 5.3 MEDIUM

An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c

CVE-2019-6467
ISC | BIND 9 | 5.9 MEDIUM

February 21

Zone transfer controls for writable DLZ zones were not effective

CVE-2019-6465
ISC | BIND 9 | 5.3 MEDIUM

January 16

Failure to release memory may exhaust system resources

CVE-2018-5739
ISC | Kea DHCP | 6.5 MEDIUM

Windows service and uninstall paths are not quoted when BIND is installed

CVE-2017-3141
ISC | BIND 9 | 7.2 HIGH

A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

CVE-2018-5740
ISC | BIND 9 | 7.5 HIGH

An error processing RPZ rules can cause named to loop endlessly after handling a query

CVE-2017-3140
ISC | BIND 9 | 3.7 LOW

Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation

CVE-2018-5741
ISC | BIND 9 | 6.5 MEDIUM

An error in TSIG authentication can permit unauthorized dynamic updates

CVE-2017-3143
ISC | BIND 9 | 7.5 HIGH

Failure to properly clean up closed OMAPI connections can exhaust available sockets

CVE-2017-3144
ISC | ISC DHCP | 5.3 MEDIUM

named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

CVE-2017-3138
ISC | BIND 9 | 6.5 MEDIUM

An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"

CVE-2017-3136
ISC | BIND 9 | 5.9 MEDIUM

An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

CVE-2016-9778
ISC | BIND 9 | 7.5 HIGH

A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

CVE-2017-3137
ISC | BIND 9 | 7.5 HIGH

BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

CVE-2018-5737
ISC | BIND 9 | 5.9 MEDIUM

Some versions of BIND can improperly permit recursive query service to unauthorized clients

CVE-2018-5738
ISC | BIND 9 | 5.3 MEDIUM

A malicious client can overflow a reference counter in ISC dhcpd

CVE-2018-5733
ISC | ISC DHCP | 5.9 MEDIUM

A malformed request can trigger an assertion failure in badcache.c

CVE-2018-5734
ISC | BIND 9 | 7.5 HIGH

Improper fetch cleanup sequencing in the resolver can cause named to crash

CVE-2017-3145
ISC | BIND 9 | 7.5 HIGH

CVE-2018-5736
ISC | BIND | 5.3 MEDIUM

June 29

An error in TSIG authentication can permit unauthorized zone transfers

CVE-2017-3142
ISC | BIND 9 | 5.3 MEDIUM

February 8

Combination of DNS64 and RPZ Can Lead to Crash

CVE-2017-3135
ISC | BIND 9 | 7.5 HIGH

January 12

CVE-2016-9444
ISC | BIND | 7.5 HIGH

CVE-2016-9131
ISC | BIND | 7.5 HIGH

CVE-2016-9147
ISC | BIND | 7.5 HIGH

November 2

CVE-2016-8864
ISC | BIND | 7.5 HIGH

October 21

CVE-2016-2848
ISC | BIND | 7.5 HIGH

July 6

CVE-2016-6170
ISC | BIND | 6.5 MEDIUM

March 9

CVE-2016-1286
ISC | BIND | 8.6 HIGH

CVE-2016-2088
ISC | BIND | 6.8 MEDIUM

CVE-2016-1285
ISC | BIND | 6.8 MEDIUM

CVE-2016-2774
ISC | DHCP | 5.9 MEDIUM

February 4

CVE-2016-1284
ISC | BIND | 5.9 MEDIUM

January 20

CVE-2015-8705
ISC | BIND | 7 HIGH

CVE-2015-8704
ISC | BIND | 6.5 MEDIUM

December 22

CVE-2015-8373
ISC | Kea | 6.8 MEDIUM

December 16

CVE-2015-8461
ISC | BIND

September 5

CVE-2015-5722
ISC | BIND

CVE-2015-5986
ISC | BIND