ISC BIND 9
23 CVEs affecting ISC BIND 9. Latest disclosed: 2022-09-21. Critical: 0, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-8616 | High | 8.6 | 2020-05-19 | A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the us… |
| CVE-2021-25216 | High | 8.1 | 2021-04-29 | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well a… |
| CVE-2020-8625 | High | 8.1 | 2021-02-17 | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default s… |
| CVE-2022-3080 | High | 7.5 | 2022-09-21 | By sending specific queries to the resolver, an attacker can cause named to crash. |
| CVE-2022-38178 | High | 7.5 | 2022-09-21 | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually… |
| CVE-2022-38177 | High | 7.5 | 2022-09-21 | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually… |
| CVE-2022-2906 | High | 7.5 | 2022-09-21 | An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would… |
| CVE-2022-1183 | High | 7.5 | 2022-05-19 | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that includ… |
| CVE-2021-25218 | High | 7.5 | 2021-08-18 | In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstance… |
| CVE-2021-25215 | High | 7.5 | 2021-04-29 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as… |
| CVE-2020-8623 | High | 7.5 | 2020-08-21 | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that c… |
| CVE-2020-8621 | High | 7.5 | 2020-08-21 | In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to… |
| CVE-2020-8620 | High | 7.5 | 2020-08-21 | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to… |
| CVE-2020-8617 | High | 7.5 | 2020-05-19 | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesse… |
| CVE-2019-6477 | High | 7.5 | 2019-11-26 | With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelinin… |
| CVE-2021-25214 | Medium | 6.5 | 2021-04-29 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview E… |
| CVE-2020-8622 | Medium | 6.5 | 2020-08-21 | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the n… |
| CVE-2022-2881 | Medium | 5.5 | 2022-09-21 | The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. |
| CVE-2022-2795 | Medium | 5.3 | 2022-09-21 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitima… |
| CVE-2021-25219 | Medium | 5.3 | 2021-10-27 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as rele… |