Isc

Bind

193 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 1.81%
  • Veröffentlicht 20.05.2026 13:16:40
  • Zuletzt bearbeitet 30.06.2026 03:21:10

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Special...

Medienbericht
  • EPSS 1.39%
  • Veröffentlicht 20.05.2026 13:16:40
  • Zuletzt bearbeitet 30.06.2026 03:21:10

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients"...

  • EPSS 0.55%
  • Veröffentlicht 20.05.2026 13:16:40
  • Zuletzt bearbeitet 21.05.2026 15:24:34

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. T...

  • EPSS 1.05%
  • Veröffentlicht 20.05.2026 13:16:23
  • Zuletzt bearbeitet 30.06.2026 03:19:09

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Direct...

  • EPSS 0.41%
  • Veröffentlicht 20.05.2026 13:16:23
  • Zuletzt bearbeitet 21.05.2026 15:24:25

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 thr...

Medienbericht
  • EPSS 1.84%
  • Veröffentlicht 20.05.2026 13:16:23
  • Zuletzt bearbeitet 30.06.2026 03:19:13

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1...

Medienbericht
  • EPSS 0.36%
  • Veröffentlicht 25.03.2026 13:34:14
  • Zuletzt bearbeitet 21.05.2026 15:24:36

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL ...

Medienbericht
  • EPSS 0.58%
  • Veröffentlicht 25.03.2026 13:31:54
  • Zuletzt bearbeitet 21.05.2026 15:24:39

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` co...

Medienbericht
  • EPSS 0.7%
  • Veröffentlicht 25.03.2026 13:29:19
  • Zuletzt bearbeitet 30.06.2026 03:19:11

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18...

Medienbericht
  • EPSS 1.55%
  • Veröffentlicht 25.03.2026 13:25:19
  • Zuletzt bearbeitet 03.07.2026 13:16:57

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers ma...