BIND 9 — Vulnerabilities & Security Advisories (60)

All 60 CVE vulnerabilities found in BIND 9, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with the BIND 9 product developed by ISC. It aggregates findings related to various weakness types, including buffer overflows, denial of service conditions, and incorrect access control implementations. The database collects vulnerability data ranging from early releases in the late 1990s through recent updates in 2023, ensuring comprehensive coverage of the product’s historical security landscape. Here, you can track vendor advisories from the Internet Systems Consortium to understand the timeline and impact of reported issues. The page allows users to understand specific weakness classes by analyzing how they manifest within the BIND DNS software architecture. Researchers and administrators can look up a product’s vulnerability history to assess the cumulative security posture of their deployments. This resource supports informed decision-making regarding patching strategies and configuration hardening. By presenting a consolidated view of known defects, the page highlights recurring patterns in DNS server security, such as race conditions in query processing or flaws in zone file parsing. The information is structured to facilitate deep dives into individual security incidents without requiring external searches. It serves as a reference for understanding the evolution of security controls within BIND 9. Users can correlate specific versions with identified risks to prioritize remediation efforts effectively. This approach provides clarity on the scope of exposure for systems relying on this widely used name server software.

Vendor: ISC

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-2911 | Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 | 7.5 | High | 2023-06-21 |
| CVE-2023-2829 | Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled | 7.5 | High | 2023-06-21 |
| CVE-2023-2828 | named's configured cache size limit can be significantly exceeded | 7.5 | High | 2023-06-21 |
| CVE-2022-3924 | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota | 7.5 | High | 2023-01-25 |
| CVE-2022-3736 | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries | 7.5 | High | 2023-01-25 |
| CVE-2022-3488 | named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries | 7.5 | High | 2023-01-25 |
| CVE-2022-3094 | An UPDATE message flood may cause named to exhaust all available memory | 7.5 | High | 2023-01-25 |
| CVE-2019-6476 | An error in QNAME minimization code can cause BIND to exit with an assertion failure | 5.9 | Medium | 2019-10-17 |
| CVE-2019-6475 | A flaw in mirror zone validity checking can allow zone data to be spoofed | 5.9 | Medium | 2019-10-17 |
| CVE-2019-6471 | A race condition when discarding malformed packets can cause BIND to exit with an assertion failure | 5.9 | - | 2019-10-09 |
| CVE-2019-6467 | An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c | 5.9 | - | 2019-10-09 |
| CVE-2019-6465 | Zone transfer controls for writable DLZ zones were not effective | 5.3 | - | 2019-10-09 |
| CVE-2018-5745 | An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys | 4.9 | - | 2019-10-09 |
| CVE-2018-5744 | A specially crafted packet can cause named to leak memory | 7.5 | - | 2019-10-09 |
| CVE-2018-5743 | Limiting simultaneous TCP clients was ineffective | - | - | 2019-10-09 |
| CVE-2017-3135 | Combination of DNS64 and RPZ Can Lead to Crash | 5.9 | - | 2019-01-16 |
| CVE-2017-3136 | An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" | 5.9 | - | 2019-01-16 |
| CVE-2017-3137 | A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME | 7.5 | - | 2019-01-16 |
| CVE-2017-3138 | named exits with a REQUIRE assertion failure if it receives a null command string on its control channel | 5.3 | - | 2019-01-16 |
| CVE-2017-3140 | An error processing RPZ rules can cause named to loop endlessly after handling a query | 7.5 | - | 2019-01-16 |
| CVE-2017-3141 | Windows service and uninstall paths are not quoted when BIND is installed | 7.8 | - | 2019-01-16 |
| CVE-2017-3142 | An error in TSIG authentication can permit unauthorized zone transfers | 3.7 | - | 2019-01-16 |
| CVE-2017-3143 | An error in TSIG authentication can permit unauthorized dynamic updates | 5.9 | - | 2019-01-16 |
| CVE-2017-3145 | Improper fetch cleanup sequencing in the resolver can cause named to crash | 7.5 | - | 2019-01-16 |
| CVE-2018-5734 | A malformed request can trigger an assertion failure in badcache.c | 7.5 | - | 2019-01-16 |
| CVE-2018-5737 | BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled. | 7.5 | - | 2019-01-16 |
| CVE-2018-5738 | Some versions of BIND can improperly permit recursive query service to unauthorized clients | 7.5 | - | 2019-01-16 |
| CVE-2018-5740 | A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named | 7.5 | - | 2019-01-16 |
| CVE-2018-5741 | Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation | 2.7 | - | 2019-01-16 |
| CVE-2016-9778 | An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c | 5.9 | - | 2019-01-16 |

All 60 known CVE vulnerabilities affecting BIND 9 with full Chinese analysis, references, and POCs where available.