Isc

Bind

181 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-3488

  • EPSS 7.97%
  • Published 26.01.2023 21:15:52
  • Last modified 01.04.2025 15:15:52

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause t...

7.5

CVE-2022-3094

  • EPSS 0.76%
  • Published 26.01.2023 21:15:50
  • Last modified 01.04.2025 14:15:16

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated pri...

5.3

CVE-2022-2795

  • EPSS 0.49%
  • Published 21.09.2022 11:15:09
  • Last modified 29.11.2024 12:15:04

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.

8.2

CVE-2022-2881

  • EPSS 0.57%
  • Published 21.09.2022 11:15:09
  • Last modified 28.05.2025 16:15:22

The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.

7.5

CVE-2022-2906

  • EPSS 0.4%
  • Published 21.09.2022 11:15:09
  • Last modified 28.05.2025 16:15:23

An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.

7.5

CVE-2022-38177

  • EPSS 1.14%
  • Published 21.09.2022 11:15:09
  • Last modified 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-38178

  • EPSS 1.39%
  • Published 21.09.2022 11:15:09
  • Last modified 28.05.2025 16:15:26

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

7.5

CVE-2022-3080

  • EPSS 0.1%
  • Published 21.09.2022 11:15:09
  • Last modified 21.11.2024 07:18:46

By sending specific queries to the resolver, an attacker can cause named to crash.

7.5

CVE-2022-1183

  • EPSS 0.39%
  • Published 19.05.2022 10:15:09
  • Last modified 21.11.2024 06:40:12

On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by b...

4

CVE-2021-25220

  • EPSS 0.09%
  • Published 23.03.2022 13:15:07
  • Last modified 21.11.2024 05:54:34

BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also be...