65 vulnerabilities found for BIND by ISC
CERTFR-2025-AVI-0913
Vulnerability from certfr_avis - Published: 2025-10-23 - Updated: 2025-10-23
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a remote denial of service and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND versions 9.20.x prior to 9.20.15 |
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions prior to 9.18.41-S1 |
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions 9.20.x prior to 9.20.15-S1 |
| ISC | BIND | BIND versions 9.21.x prior to 9.21.14 |
| ISC | BIND | BIND versions prior to 9.18.41 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.20.x ant\u00e9rieures \u00e0 9.20.15",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.18.41-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.20.x ant\u00e9rieures \u00e0 9.20.15-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.21.x ant\u00e9rieures \u00e0 9.21.14",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.18.41",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
},
{
"name": "CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"name": "CVE-2025-8677",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
}
],
"initial_release_date": "2025-10-23T00:00:00",
"last_revision_date": "2025-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0913",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2025-10-22",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-40778",
"url": "https://kb.isc.org/v1/docs/cve-2025-40778"
},
{
"published_at": "2025-10-22",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-8677",
"url": "https://kb.isc.org/v1/docs/cve-2025-8677"
},
{
"published_at": "2025-10-22",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-40780",
"url": "https://kb.isc.org/v1/docs/cve-2025-40780"
}
]
}
CERTFR-2025-AVI-0596
Vulnerability from certfr_avis - Published: 2025-07-17 - Updated: 2025-07-17
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a breach of data confidentiality and a security policy bypass.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | Bind versions 9.20.x prior to 9.20.11 |
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions 9.20.x prior to 9.20.11-S1 |
| ISC | BIND | Bind versions 9.21.x prior to 9.21.10 |
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions prior to 9.18.38-S1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Bind versions 9.20.x ant\u00e9rieures \u00e0 9.20.11",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.20.x ant\u00e9rieures \u00e0 9.20.11-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind versions 9.21.x ant\u00e9rieures \u00e0 9.21.10",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.18.38-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40777"
},
{
"name": "CVE-2025-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40776"
}
],
"initial_release_date": "2025-07-17T00:00:00",
"last_revision_date": "2025-07-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0596",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2025-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-40776",
"url": "https://kb.isc.org/v1/docs/cve-2025-40776"
},
{
"published_at": "2025-07-16",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-40777",
"url": "https://kb.isc.org/v1/docs/cve-2025-40777"
}
]
}
CERTFR-2025-AVI-0436
Vulnerability from certfr_avis - Published: 2025-05-22 - Updated: 2025-05-22
A vulnerability has been discovered in ISC BIND. It allows an attacker to cause a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Bind versions 9.21.x ant\u00e9rieures \u00e0 9.21.8",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind versions 9.20.x ant\u00e9rieures \u00e0 9.20.9",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-40775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40775"
}
],
"initial_release_date": "2025-05-22T00:00:00",
"last_revision_date": "2025-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0436",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ISC BIND. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2025-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2025-40775",
"url": "https://kb.isc.org/v1/docs/cve-2025-40775"
}
]
}
CERTFR-2025-AVI-0092
Vulnerability from certfr_avis - Published: 2025-02-04 - Updated: 2025-02-04
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.18.33",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.21.x ant\u00e9rieures \u00e0 9.21.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.20.x ant\u00e9rieures \u00e0 9.20.5",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.18.33-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
}
],
"initial_release_date": "2025-02-04T00:00:00",
"last_revision_date": "2025-02-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0092",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-04T00:00:00.000000"
},
{
"description": "Retrait de la vuln\u00e9rabilit\u00e9 CVE-2024-28872 et modification des dates des bulletins \u00e9diteur.",
"revision_date": "2025-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2025-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-12705",
"url": "https://kb.isc.org/v1/docs/cve-2024-12705"
},
{
"published_at": "2025-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-11187",
"url": "https://kb.isc.org/v1/docs/cve-2024-11187"
}
]
}
CERTFR-2025-AVI-0081
Vulnerability from certfr_avis - Published: 2025-01-30 - Updated: 2025-01-30
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND versions 9.1x prior to 9.18.33 |
| ISC | BIND | BIND versions 9.21.x prior to 9.21.4 |
| ISC | BIND | BIND versions 9.20.x prior to 9.20.5 |
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions later than 9.11.37-S1, prior to 9.18.33-S1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.1x ant\u00e9rieures \u00e0 9.18.33",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.21.x ant\u00e9rieures \u00e0 9.21.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.20.x ant\u00e9rieures \u00e0 9.20.5",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions post\u00e9rieures \u00e0 9.11.37-S1 ant\u00e9rieures \u00e0 9.18.33-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2024-12705",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12705"
}
],
"initial_release_date": "2025-01-30T00:00:00",
"last_revision_date": "2025-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0081",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2025-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2024-12705",
"url": "https://kb.isc.org/v1/docs/cve-2024-12705"
},
{
"published_at": "2025-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2024-11187",
"url": "https://kb.isc.org/v1/docs/cve-2024-11187"
}
]
}
CERTFR-2024-AVI-0618
Vulnerability from certfr_avis - Published: 2024-07-24 - Updated: 2024-07-24
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.19.x ant\u00e9rieures \u00e0 9.20.0",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.11.x \u00e0 9.18.x ant\u00e9rieures \u00e0 9.18.28",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.x \u00e0 9.18.x ant\u00e9rieures \u00e0 9.18.28-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-0760",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0760"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
}
],
"initial_release_date": "2024-07-24T00:00:00",
"last_revision_date": "2024-07-24T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0618",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-24T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-4076",
"url": "https://kb.isc.org/v1/docs/cve-2024-4076"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-1737",
"url": "https://kb.isc.org/v1/docs/cve-2024-1737"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-0760",
"url": "https://kb.isc.org/v1/docs/cve-2024-0760"
},
{
"published_at": "2024-07-23",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2024-1975",
"url": "https://kb.isc.org/v1/docs/cve-2024-1975"
}
]
}
CERTFR-2024-AVI-0122
Vulnerability from certfr_avis - Published: 2024-02-13 - Updated: 2024-02-13
Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | Bind versions prior to 9.16.48 |
| ISC | BIND | Bind Supported Preview Edition versions 9.18.x later than 9.18.11-S1 and prior to 9.18.24-S1 |
| ISC | BIND | Bind Supported Preview Edition versions 9.x later than 9.9.3-S1 and prior to 9.16.48-S1 |
| ISC | BIND | Bind versions 9.18.x prior to 9.18.24 |
| ISC | BIND | Bind versions 9.19.x prior to 9.19.21 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Bind versions ant\u00e9rieures \u00e0 9.16.48",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind Supported Preview Edition versions 9.18.x post\u00e9rieures \u00e0 9.18.11-S1 et ant\u00e9rieures \u00e0 9.18.24-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind Supported Preview Edition versions 9.x post\u00e9rieures \u00e0 9.9.3-S1 et ant\u00e9rieures \u00e0 9.16.48-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind versions 9.18.x ant\u00e9rieures \u00e0 9.18.24",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "Bind versions 9.19.x ant\u00e9rieures \u00e0 9.19.21",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"name": "CVE-2023-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
},
{
"name": "CVE-2023-5517",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
},
{
"name": "CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"name": "CVE-2023-6516",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6516"
},
{
"name": "CVE-2023-4236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4236"
},
{
"name": "CVE-2023-5679",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
},
{
"name": "CVE-2023-5680",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5680"
}
],
"initial_release_date": "2024-02-13T00:00:00",
"last_revision_date": "2024-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0122",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eBind\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-5679 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-5679"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-6516 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-6516"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-5517 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-5517"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-5680 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-5680"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-50387 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-50387"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-50868 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-50868"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind CVE-2023-4408 du 13 f\u00e9vrier 2024",
"url": "https://kb.isc.org/v1/docs/cve-2023-4408"
}
]
}
CERTFR-2023-AVI-0767
Vulnerability from certfr_avis - Published: 2023-09-21 - Updated: 2023-09-21
Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND Supported Preview edition versions 9.9.3-S1 to 9.16.43-S1, prior to 9.16.44-S1 |
| ISC | BIND | BIND versions 9.2.0 to 9.16.43, prior to 9.16.44 |
| ISC | BIND | BIND Supported Preview edition versions 9.18.0-S1 to 9.18.18-S1, prior to 9.18.19-S1 |
| ISC | BIND | BIND versions 9.19.0 to 9.19.16, prior to 9.19.17 |
| ISC | BIND | BIND versions 9.18.0 to 9.18.18, prior to 9.18.19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND \u00e9dition Supported Preview versions 9.9.3-S1 \u00e0 9.16.43-S1 ant\u00e9rieures \u00e0 9.16.44-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.2.0 \u00e0 9.16.43 ant\u00e9rieures \u00e0 9.16.44",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND \u00e9dition Supported Preview versions 9.18.0-S1 \u00e0 9.18.18-S1 ant\u00e9rieures \u00e0 9.18.19-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.19.0 \u00e0 9.19.16 ant\u00e9rieures \u00e0 9.19.17",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.0 \u00e0 9.18.18 ant\u00e9rieures \u00e0 9.18.19",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-4236",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4236"
}
],
"initial_release_date": "2023-09-21T00:00:00",
"last_revision_date": "2023-09-21T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eBind\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2023-4236 du 20 septembre 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-4236"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2023-3341 du 20 septembre 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-3341"
}
]
}
CERTFR-2023-AVI-0479
Vulnerability from certfr_avis - Published: 2023-06-22 - Updated: 2023-06-22
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND versions 9.19.0 to 9.19.13, prior to 9.19.14 |
| ISC | BIND | BIND versions 9.18.7 to 9.18.15, prior to 9.18.16 |
| ISC | BIND | BIND versions 9.16.33 to 9.16.41, prior to 9.16.42 |
| ISC | BIND | BIND Supported Preview Edition versions 9.18.11-S1 to 9.18.15-S1, prior to 9.18.16-S1 |
| ISC | BIND | BIND Supported Preview Edition versions 9.11.3-S1 to 9.16.41-S1, prior to 9.16.42-S1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.19.0 \u00e0 9.19.13 ant\u00e9rieures \u00e0 9.19.14",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.7 \u00e0 9.18.15 ant\u00e9rieures \u00e0 9.18.16",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.16.33 \u00e0 9.16.41 ant\u00e9rieures \u00e0 9.16.42",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.18.11-S1 \u00e0 9.18.15-S1 ant\u00e9rieures \u00e0 9.18.16-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.3-S1 \u00e0 9.16.41-S1 ant\u00e9rieures \u00e0 9.16.42-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-2911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2911"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2022-3924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
},
{
"name": "CVE-2023-2829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2829"
}
],
"initial_release_date": "2023-06-22T00:00:00",
"last_revision_date": "2023-06-22T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0479",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2829 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2829"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2911 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2911"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2023-2828 du 21 juin 2023",
"url": "https://kb.isc.org/v1/docs/cve-2023-2828"
}
]
}
CERTFR-2023-AVI-0059
Vulnerability from certfr_avis - Published: 2023-01-26 - Updated: 2023-01-26
Multiple vulnerabilities have been discovered in ISC Bind. They allow an attacker to cause a remote denial of service.
Solution
The vendor does not provide any security patch for BIND products at version 9.11.x and BIND Supported Preview Edition at a version between 9.11.4-S1 and 9.11.37-S1.
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND versions 9.19.x prior to 9.19.9 |
| ISC | BIND | BIND versions 9.18.x prior to 9.18.11 |
| ISC | BIND | BIND versions 9.11.x |
| ISC | BIND | BIND Supported Preview Edition versions 9.11.4-S1 to 9.11.37-S1 |
| ISC | BIND | BIND Supported Preview Edition versions 9.16.8-S1 and later, prior to 9.16.37-S1 |
| ISC | BIND | BIND versions 9.16.x prior to 9.16.37 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.19.x ant\u00e9rieures \u00e0 9.19.9",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.x ant\u00e9rieures \u00e0 9.18.11",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.11.x",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.4-S1 \u00e0 9.11.37-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.16.8-S1 et suivantes ant\u00e9rieures \u00e0 9.16.37-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.16.x ant\u00e9rieures \u00e0 9.16.37",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nL\u0027\u00e9diteur ne propose aucun correctif de s\u00e9curit\u00e9 pour les produits BIND\nayant une version 9.11.x et BIND Supported Preview Edition ayant une\nversion entre 9.11.4-S1 et 9.11.37-S1.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3488",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3488"
},
{
"name": "CVE-2022-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3736"
},
{
"name": "CVE-2022-3924",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3924"
},
{
"name": "CVE-2022-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3094"
}
],
"initial_release_date": "2023-01-26T00:00:00",
"last_revision_date": "2023-01-26T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0059",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans\u00a0ISC Bind. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-3488 du 25 janvier 2023",
"url": "https://kb.isc.org/v1/docs/cve-2022-3488"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-3924 du 25 janvier 2023",
"url": "https://kb.isc.org/v1/docs/cve-2022-3924"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-3094 du 25 janvier 2023",
"url": "https://kb.isc.org/v1/docs/cve-2022-3094"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-3736 du 25 janvier 2023",
"url": "https://kb.isc.org/v1/docs/cve-2022-3736"
}
]
}
CERTFR-2022-AVI-848
Vulnerability from certfr_avis - Published: 2022-09-21 - Updated: 2022-09-21
Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND Supported Preview Edition versions prior to 9.11.37-S1 |
| ISC | BIND | BIND versions prior to 9.16.32 |
| ISC | BIND | BIND Supported Preview Edition versions 9.16.8-S1 prior to 9.16.32-S1 |
| ISC | BIND | BIND versions 9.18.0 prior to 9.18.6 |
| ISC | BIND | BIND versions 9.19.0 prior to 9.19.4 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.11.37-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.16.32",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.16.8-S1 ant\u00e9rieures \u00e0 9.16.32-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.0 ant\u00e9rieures \u00e0 9.18.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.19.0 ant\u00e9rieures \u00e0 9.19.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-2906",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2906"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2022-3080",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3080"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-2881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2881"
}
],
"initial_release_date": "2022-09-21T00:00:00",
"last_revision_date": "2022-09-21T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-848",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Bind. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2795 du 21 septembre 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-2795"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-38177 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-38177"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2881 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-2881"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-2906 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-2906"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-3080 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-3080"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2022-38178 du 21 septembre 2022",
"url": "https://kb.isc.org/docs/cve-2022-38178"
}
]
}
CERTFR-2022-AVI-474
Vulnerability from certfr_avis - Published: 2022-05-19 - Updated: 2022-05-19
A vulnerability has been discovered in ISC Bind. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.19.x ant\u00e9rieures \u00e0 9.19.1 (Branche d\u00e9veloppement)",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.18.x ant\u00e9rieures \u00e0 9.18.3",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1183",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1183"
}
],
"initial_release_date": "2022-05-19T00:00:00",
"last_revision_date": "2022-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-474",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ISC Bind. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans ISC Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-1183 du 18 mai 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-1183"
}
]
}
CERTFR-2022-AVI-254
Vulnerability from certfr_avis - Published: 2022-03-17 - Updated: 2022-03-17
Multiple vulnerabilities have been discovered in ISC BIND. They allow an attacker to cause a remote denial of service and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND Supported Preview Edition versions 9.16.x prior to 9.16.27-S1 |
| ISC | BIND | BIND versions 9.11.x prior to 9.11.37 |
| ISC | BIND | BIND versions 9.17.x to 9.18.x prior to 9.18.1 |
| ISC | BIND | BIND versions 9.12.x to 9.16.x prior to 9.16.27 |
| ISC | BIND | BIND Supported Preview Edition versions 9.11.x prior to 9.11.37-S1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND Supported Preview Edition versions 9.16.x ant\u00e9rieures \u00e0 9.16.27-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.11.x ant\u00e9rieures \u00e0 9.11.37",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.17.x \u00e0 9.18.x ant\u00e9rieures \u00e0 9.18.1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.27",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.x ant\u00e9rieures \u00e0 9.11.37-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2022-03-17T00:00:00",
"last_revision_date": "2022-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-254",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2021-25220 du 16 mars 2022",
"url": "https://kb.isc.org/v1/docs/cve-2021-25220"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-0667 du 16 mars 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-0667"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-0396 du 16 mars 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-0396"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2022-0635 du 16 mars 2022",
"url": "https://kb.isc.org/v1/docs/cve-2022-0635"
}
]
}
CERTFR-2021-AVI-828
Vulnerability from certfr_avis - Published: 2021-10-28 - Updated: 2021-10-28
A vulnerability has been discovered in ISC BIND. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| ISC | BIND | BIND Supported Preview Edition versions 9.16.x-S1 prior to 9.16.22-S1 |
| ISC | BIND | BIND versions 9.12.x to 9.16.x prior to 9.16.22 |
| ISC | BIND | BIND versions 9.3.x to 9.11.x prior to 9.11.36 |
| ISC | BIND | BIND Supported Preview Edition versions 9.9.3-S1 to 9.11.x-S1 prior to 9.11.36-S1 |
| ISC | BIND | BIND versions 9.17.x prior to 9.17.19 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND Supported Preview Edition versions 9.16.x-S1 ant\u00e9rieures \u00e0 9.16.22-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.22",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.3.x \u00e0 9.11.x ant\u00e9rieures \u00e0 9.11.36",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.9.3-S1 \u00e0 9.11.x-S1 ant\u00e9rieures \u00e0 9.11.36-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.19",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
}
],
"initial_release_date": "2021-10-28T00:00:00",
"last_revision_date": "2021-10-28T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-828",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-28T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ISC BIND. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans ISC BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND du 27 octobre 2021",
"url": "https://kb.isc.org/v1/docs/cve-2021-25219"
}
]
}
CERTFR-2021-AVI-644
Vulnerability from certfr_avis - Published: 2021-08-19 - Updated: 2021-08-27
A vulnerability has been discovered in ISC BIND. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND version 9.17.16 corrig\u00e9e par la version 9.17.17",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND version 9.16.19 corrig\u00e9e par la version 9.16.20",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND (Preview Edition) version 9.16.19-S1 corrig\u00e9e par la version 9.16.20-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25218",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25218"
}
],
"initial_release_date": "2021-08-19T00:00:00",
"last_revision_date": "2021-08-27T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-644",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-19T00:00:00.000000"
},
{
"description": "Clarification des versions affect\u00e9es. Ajout de la version \"Preview\".",
"revision_date": "2021-08-27T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ISC BIND. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans ISC BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC cve-2021-25218 du 18 ao\u00fbt 2021",
"url": "https://kb.isc.org/v1/docs/cve-2021-25218"
}
]
}
CERTFR-2021-AVI-325
Vulnerability from certfr_avis - Published: 2021-04-29 - Updated: 2021-05-04
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause remote arbitrary code execution, a remote denial of service, a breach of data integrity and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.15",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.11.31",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.12",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25215",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
},
{
"name": "CVE-2021-25216",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25216"
},
{
"name": "CVE-2021-25214",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
}
],
"initial_release_date": "2021-04-29T00:00:00",
"last_revision_date": "2021-05-04T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-29T00:00:00.000000"
},
{
"description": "Ajout du risque \"Ex\u00e9cution de code arbitraire \u00e0 distance\".",
"revision_date": "2021-05-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2021-25214 du 28 avril 2021",
"url": "https://kb.isc.org/v1/docs/cve-2021-25214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2021-25216 du 28 avril 2021",
"url": "https://kb.isc.org/v1/docs/cve-2021-25216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2021-25215 du 28 avril 2021",
"url": "https://kb.isc.org/v1/docs/cve-2021-25215"
}
]
}
CERTFR-2021-AVI-132
Vulnerability from certfr_avis - Published: 2021-02-18 - Updated: 2021-02-18
A vulnerability has been discovered in BIND. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.5.x \u00e0 9.11.x ant\u00e9rieures \u00e0 9.11.28",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.12",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
}
],
"initial_release_date": "2021-02-18T00:00:00",
"last_revision_date": "2021-02-18T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-132",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans BIND. Elle permet \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8625 du 17 f\u00e9vrier 2021",
"url": "https://kb.isc.org/v1/docs/cve-2020-8625"
}
]
}
CERTFR-2020-AVI-523
Vulnerability from certfr_avis - Published: 2020-08-21 - Updated: 2020-08-21
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.17.x ant\u00e9rieures \u00e0 9.17.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.11.22",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x \u00e0 9.16.x ant\u00e9rieures \u00e0 9.16.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
},
{
"name": "CVE-2020-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
},
{
"name": "CVE-2020-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8621"
},
{
"name": "CVE-2020-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8623"
},
{
"name": "CVE-2020-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8620"
}
],
"initial_release_date": "2020-08-21T00:00:00",
"last_revision_date": "2020-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-523",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8623 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8623"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8622 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8622"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8624 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8624"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8621 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8621"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8620 du 20 ao\u00fbt 2020",
"url": "https://kb.isc.org/docs/cve-2020-8620"
}
]
}
CERTFR-2020-AVI-382
Vulnerability from certfr_avis - Published: 2020-06-19 - Updated: 2020-06-19
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.16.x ant\u00e9rieures \u00e0 9.16.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.11.x ant\u00e9rieures \u00e0 9.11.20",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.14.9 \u00e0 9.14.12",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8618"
},
{
"name": "CVE-2020-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8619"
}
],
"initial_release_date": "2020-06-19T00:00:00",
"last_revision_date": "2020-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-382",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8619 du 17 juin 2020",
"url": "https://kb.isc.org/docs/cve-2020-8619"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2020-8618 du 17 juin 2020",
"url": "https://kb.isc.org/docs/cve-2020-8618"
}
]
}
CERTFR-2020-AVI-302
Vulnerability from certfr_avis - Published: 2020-05-19 - Updated: 2020-05-19
Multiple vulnerabilities have been discovered in Bind. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.x ant\u00e9rieures \u00e0 9.11.19",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x et 9.14.x ant\u00e9rieures \u00e0 9.14.12",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.16.x ant\u00e9rieures \u00e0 9.16.3",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
}
],
"initial_release_date": "2020-05-19T00:00:00",
"last_revision_date": "2020-05-19T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-302",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Bind. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2020-8617 du 19 mai 2020",
"url": "https://kb.isc.org/docs/cve-2020-8617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Bind cve-2020-8616 du 19 mai 2020",
"url": "https://kb.isc.org/docs/cve-2020-8616"
}
]
}
CERTFR-2019-AVI-585
Vulnerability from certfr_avis - Published: 2019-11-21 - Updated: 2019-11-21
A vulnerability has been discovered in BIND. It allows an attacker to cause a remote denial of service and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.15.x ant\u00e9rieures \u00e0 9.15.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.11.13",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.x et 9.14.x ant\u00e9rieures \u00e0 9.14.8",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6477"
}
],
"initial_release_date": "2019-11-21T00:00:00",
"last_revision_date": "2019-11-21T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-585",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-11-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans BIND. Elle permet \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2019-6477 du 20 novembre 2019",
"url": "https://kb.isc.org/docs/cve-2019-6477"
}
]
}
CERTFR-2019-AVI-516
Vulnerability from certfr_avis - Published: 2019-10-17 - Updated: 2019-10-17
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service and a breach of data integrity.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.14.0 \u00e0 9.14.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND (branche de d\u00e9veloppement) versions 9.15 \u00e0 9.15.4",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6475",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6475"
},
{
"name": "CVE-2019-6476",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6476"
}
],
"initial_release_date": "2019-10-17T00:00:00",
"last_revision_date": "2019-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-516",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2019-6476 du 16 octobre 2019",
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND cve-2019-6475 du 16 octobre 2019",
"url": "https://kb.isc.org/docs/cve-2019-6475"
}
]
}
CERTFR-2019-AVI-283
Vulnerability from certfr_avis - Published: 2019-06-20 - Updated: 2019-06-20
A vulnerability has been discovered in BIND. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND toutes versions 9.13 et 9.15",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.11.0 \u00e0 9.11.7, 9.12.0 \u00e0 9.12.4-P1 et 9.14.0 \u00e0 9.14.2",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.11.3-S1 \u00e0 9.11.7-S1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6471",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6471"
}
],
"initial_release_date": "2019-06-20T00:00:00",
"last_revision_date": "2019-06-20T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-283",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-06-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans BIND. Elle permet \u00e0 un attaquant\nde provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BIND CVE-2019-6471 du 19 juin 2019",
"url": "https://kb.isc.org/docs/cve-2019-6471"
}
]
}
CERTFR-2019-AVI-187
Vulnerability from certfr_avis - Published: 2019-04-25 - Updated: 2019-04-25
Multiple vulnerabilities have been discovered in BIND. They allow an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.9.0 \u00e0 9.10.8-P1 et versions 9.11.0 \u00e0 9.11.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND toutes versions 9.13",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.12.0 \u00e0 9.12.4 et 9.14.0",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.10.5-S1 \u00e0 9.11.5-S5",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5743",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
},
{
"name": "CVE-2019-6467",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6467"
},
{
"name": "CVE-2019-6468",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6468"
}
],
"initial_release_date": "2019-04-25T00:00:00",
"last_revision_date": "2019-04-25T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-187",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans BIND. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans BIND",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2019-6467 du 24 avril 2019",
"url": "https://kb.isc.org/docs/cve-2019-6467"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2019-6468 du 24 avril 2019",
"url": "https://kb.isc.org/docs/cve-2019-6468"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2018-5743 du 24 avril 2019",
"url": "https://kb.isc.org/docs/cve-2018-5743"
}
]
}
CERTFR-2019-AVI-076
Vulnerability from certfr_avis - Published: 2019-02-22 - Updated: 2019-02-22
A vulnerability has been discovered in ISC Bind. It allows an attacker to cause a remote denial of service.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND 9 versions 9.10.7-S1 \u00e0 9.11.5-S3",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND 9 versions 9.11.3 \u00e0 9.11.5-P1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND 9 versions 9.12.0 \u00e0 9.12.3-P1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND 9 versions 9.13.0 \u00e0 9.13.6",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND 9 versions 9.10.7 \u00e0 9.10.8-P1",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5744",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5744"
}
],
"initial_release_date": "2019-02-22T00:00:00",
"last_revision_date": "2019-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-076",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans ISC Bind. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans ISC Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC CVE-2018-5744 du 21 f\u00e9vrier 2019",
"url": "https://kb.isc.org/docs/cve-2018-5744"
}
]
}
CERTFR-2018-AVI-453
Vulnerability from certfr_avis - Published: 2018-09-24 - Updated: 2018-09-24
A vulnerability has been discovered in Bind. It allows an attacker to cause a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND 9 toutes versions ant\u00e9rieures \u00e0 9.11.5 et 9.12.3",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-5741",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5741"
}
],
"initial_release_date": "2018-09-24T00:00:00",
"last_revision_date": "2018-09-24T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-453",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Bind. Elle permet \u00e0 un attaquant\nde provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Bind",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ISC du 19 septembre 2018",
"url": "https://kb.isc.org/docs/cve-2018-5741"
}
]
}
CVE-2021-25220 (GCVE-0-2021-25220)
Vulnerability from cvelistv5 – Published: 2022-03-23 12:50 – Updated: 2024-09-16 17:08
When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw.
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
| Vendor | Product | Version |
|---|---|---|
| ISC | BIND | Affected: Open Source Branch 9.11 9.11.0 through versions before 9.11.37; Affected: Development Branch 9.17 BIND 9.17 all version; Affected: Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27; Affected: Open Source Branch 9.18 9.18.0; Affected: Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S; Affected: Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:56:11.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/v1/docs/cve-2021-25220"
},
{
"name": "FEDORA-2022-14e36aac0c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
},
{
"name": "FEDORA-2022-042d9c6146",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"name": "FEDORA-2022-a88218de5c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
},
{
"name": "FEDORA-2022-05918f0838",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
},
{
"name": "FEDORA-2022-3f293290c3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"tags": [
"x_transferred"
],
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "Open Source Branch 9.11 9.11.0 through versions before 9.11.37"
},
{
"status": "affected",
"version": "Development Branch 9.17 BIND 9.17 all version"
},
{
"status": "affected",
"version": "Open Source Branch 9.12-16 9.12.0 through versions before 9.16.27"
},
{
"status": "affected",
"version": "Open Source Branch 9.18 9.18.0"
},
{
"status": "affected",
"version": "Supported Preview Branch 9.11-S 9.11.0-S through versions before 9.11.37-S"
},
{
"status": "affected",
"version": "Supported Preview Branch 9.16-S 9.16.0-S through versions before 9.16.27-S"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Xiang Li, Baojun Liu, and Chaoyi Lu from Network and Information Security Lab, Tsinghua University and Changgen Zou from Qi An Xin Group Corp. for discovering and reporting this issue."
}
],
"datePublic": "2022-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. Some examples of configurations that will be vulnerable are: Resolvers using per zone or global forwarding with forward first (forward first is the default). Resolvers not using global forwarding, but with per-zone forwarding with either forward first (the default) or forward only. Resolvers configured with global forwarding along with zone statements that disable forwarding for part of the DNS namespace. Authoritative-only BIND 9 servers are not vulnerable to this flaw. BIND 9.11.0 -\u003e 9.11.36 9.12.0 -\u003e 9.16.26 9.17.0 -\u003e 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -\u003e 9.11.36-S1 9.16.8-S1 -\u003e 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-23T00:00:00.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/v1/docs/cve-2021-25220"
},
{
"name": "FEDORA-2022-14e36aac0c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
},
{
"name": "FEDORA-2022-042d9c6146",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/API7U5E7SX7BAAVFNW366FFJGD6NZZKV/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"name": "FEDORA-2022-a88218de5c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VX3I2U3ICOIEI5Y7OYA6CHOLFMNH3YQ/"
},
{
"name": "FEDORA-2022-05918f0838",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SXT7247QTKNBQ67MNRGZD23ADXU6E5U/"
},
{
"name": "FEDORA-2022-3f293290c3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DE3UAVCPUMAKG27ZL5YXSP2C3RIOW3JZ/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
},
{
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n BIND 9.11.37\n BIND 9.16.27\n BIND 9.18.1\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n BIND 9.11.37-S1\n BIND 9.16.27-S1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DNS forwarders - cache poisoning vulnerability",
"workarounds": [
{
"lang": "en",
"value": "If applicable, modify your configuration to either remove all forwarding or all possibility of recursion. Depending on your use-case, it may be possible to use other zone types to replace forward zones.\nActive exploits: We are not aware of any active exploits."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2021-25220",
"datePublished": "2022-03-23T12:50:10.367Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:08:54.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0635 (GCVE-0-2022-0635)
Vulnerability from cvelistv5 – Published: 2022-03-23 11:55 – Updated: 2024-09-17 02:21
We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled)
Versions affected: BIND 9.18.0
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/v1/docs/cve-2022-0635"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "Open Source Branch 9.18 9.18.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround."
}
],
"datePublic": "2022-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) Versions affected: BIND 9.18.0",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T22:06:11.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/v1/docs/cve-2022-0635"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
],
"solutions": [
{
"lang": "en",
"value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"workarounds": [
{
"lang": "en",
"value": "The failure can be avoided by adding this option to named.conf:\nsynth-from-dnssec no;"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2022-03-16T11:00:00.000Z",
"ID": "CVE-2022-0635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND",
"version": {
"version_data": [
{
"version_name": "Open Source Branch 9.18",
"version_value": "9.18.0"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Vincent Levigneron of AFNIC for reporting this issue to us and for verifying the fix and workaround."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "We refactored the RFC 8198 Aggressive Use of DNSSEC-Validated Cache feature (synth-from-dnssec) for the new BIND 9.18.0 stable release, and changed the default so that is now automatically enabled for dnssec-validating resolvers. Subsequently it was found that repeated patterns of specific queries to servers with this feature enabled could cause an INSIST failure in query.c:query_dname which causes named to terminate unexpectedly. The vulnerability affects BIND resolvers running 9.18.0 that have both dnssec-validation and synth-from-dnssec enabled. (Note that dnssec-validation auto; is the default setting unless configured otherwise in named.conf and that enabling dnssec-validation automatically enables synth-from-dnssec unless explicitly disabled) Versions affected: BIND 9.18.0"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/v1/docs/cve-2022-0635",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/v1/docs/cve-2022-0635"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220408-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "The failure can be avoided by adding this option to named.conf:\nsynth-from-dnssec no;"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-0635",
"datePublished": "2022-03-23T11:55:10.058Z",
"dateReserved": "2022-02-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:21:44.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0396 (GCVE-0-2022-0396)
Vulnerability from cvelistv5 – Published: 2022-03-23 10:45 – Updated: 2024-09-16 19:05
ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions.
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.isc.org/v1/docs/cve-2022-0396"
},
{
"name": "FEDORA-2022-14e36aac0c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-25"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "Open Source Branch 9.16 9.16.11 through versions before 9.16.27"
},
{
"status": "affected",
"version": "Development Branch 9.17 BIND 9.17 all versions"
},
{
"status": "affected",
"version": "Open Source Branch 9.18 9.18.0"
},
{
"status": "affected",
"version": "Supported Preview Branch 9.16-S 9.16.11-S through versions before 9.16.27-S"
}
]
}
],
"datePublic": "2022-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "ISC recently discovered an issue in BIND that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. This issue is present in BIND. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition. 9.16.11 to 9.16.26 (including S editions), and 9.18.0. This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions. BIND 9.16.11 -\u003e 9.16.26, 9.17.0 -\u003e 9.18.0 and versions 9.16.11-S1 -\u003e 9.16.26-S1 of the BIND Supported Preview Edition.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-31T00:00:00.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"url": "https://kb.isc.org/v1/docs/cve-2022-0396"
},
{
"name": "FEDORA-2022-14e36aac0c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYD7US4HZRFUGAJ66ZTHFBYVP5N3OQBY/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
},
{
"name": "GLSA-202210-25",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-25"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n 9.16.27\n 9.18.1\nBIND Supported Preview Edition is a special feature-preview branch of BIND provided to eligible ISC support customers.\n 9.16.27-S1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DoS from specifically crafted TCP packets",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue in all affected versions of BIND, use the default setting of keep-response-order { none; }.\nActive exploits: We are not aware of any active exploits."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-0396",
"datePublished": "2022-03-23T10:45:13.589Z",
"dateReserved": "2022-01-27T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:05:24.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0667 (GCVE-0-2022-0667)
Vulnerability from cvelistv5 – Published: 2022-03-22 11:15 – Updated: 2024-09-16 22:20
In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a "backstop lifetime timer". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected.
BIND 9.18.0
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/v1/docs/cve-2022-0667"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"all"
],
"product": "BIND",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.18.0"
}
]
}
],
"datePublic": "2022-03-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When the vulnerability is triggered the BIND process will exit. BIND 9.18.0"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a \"backstop lifetime timer\". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected. BIND 9.18.0",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T22:06:15.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/v1/docs/cve-2022-0667"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
],
"solutions": [
{
"lang": "en",
"value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Assertion failure on delayed DS lookup",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2022-03-16T19:00:00.000Z",
"ID": "CVE-2022-0667",
"STATE": "PUBLIC",
"TITLE": "Assertion failure on delayed DS lookup"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND",
"version": {
"version_data": [
{
"platform": "all",
"version_affected": "=",
"version_name": "9.18.0",
"version_value": "9.18.0"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When the vulnerability is triggered the BIND process will exit. BIND 9.18.0"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In BIND 9.18.0 the recursive client code was refactored. This refactoring introduced a \"backstop lifetime timer\". While BIND is processing a request for a DS record that needs to be forwarded, it waits until this processing is complete or until the backstop lifetime timer has timed out. When the resume_dslookup() function is called as a result of such a timeout, the function does not test whether the fetch has previously been shut down. This introduces the possibility of triggering an assertion failure, which could cause the BIND process to terminate. Only the BIND 9.18 branch is affected. BIND 9.18.0"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/v1/docs/cve-2022-0667",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/v1/docs/cve-2022-0667"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220408-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220408-0001/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users of BIND 9.18.0 should upgrade to BIND 9.18.1"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-0667",
"datePublished": "2022-03-22T11:15:13.972Z",
"dateReserved": "2022-02-17T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:20:53.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}