Isc

Bind

181 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-3488

  • EPSS 7.97%
  • Veröffentlicht 26.01.2023 21:15:52
  • Zuletzt bearbeitet 01.04.2025 15:15:52

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause t...

7.5

CVE-2022-3094

  • EPSS 0.76%
  • Veröffentlicht 26.01.2023 21:15:50
  • Zuletzt bearbeitet 01.04.2025 14:15:16

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated pri...

5.3

CVE-2022-2795

  • EPSS 0.49%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 29.11.2024 12:15:04

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

8.2

CVE-2022-2881

  • EPSS 0.57%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:22

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

7.5

CVE-2022-2906

  • EPSS 0.4%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:23

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

7.5

CVE-2022-38177

  • EPSS 1.14%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-38178

  • EPSS 1.39%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-3080

  • EPSS 0.1%
  • Veröffentlicht 21.09.2022 11:15:09
  • Zuletzt bearbeitet 21.11.2024 07:18:46

By sending specific queries to the resolver, an attacker can cause named to crash.

7.5

CVE-2022-1183

  • EPSS 0.39%
  • Veröffentlicht 19.05.2022 10:15:09
  • Zuletzt bearbeitet 21.11.2024 06:40:12

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by b...

4

CVE-2021-25220

  • EPSS 0.09%
  • Veröffentlicht 23.03.2022 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:54:34

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also be...