Search criteria
50 vulnerabilities found for BIND 9 by ISC
CVE-2025-13878 (GCVE-0-2025-13878)
Vulnerability from cvelistv5 – Published: 2026-01-21 14:43 – Updated: 2026-01-21 18:13
VLAI?
Title
Malformed BRID/HHIT records can cause named to terminate unexpectedly
Summary
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.
This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T14:57:50.807267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:58:14.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-21T18:13:38.157Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/01/21/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.43",
"status": "affected",
"version": "9.18.40",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.17",
"status": "affected",
"version": "9.20.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.16",
"status": "affected",
"version": "9.21.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.43-S1",
"status": "affected",
"version": "9.18.40-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.17-S1",
"status": "affected",
"version": "9.20.13-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.43",
"versionStartIncluding": "9.18.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.17",
"versionStartIncluding": "9.20.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.16",
"versionStartIncluding": "9.21.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.43-S1",
"versionStartIncluding": "9.18.40-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.17-S1",
"versionStartIncluding": "9.20.13-S1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Vlatko Kosturjak from Marlink Cyber for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Malformed BRID/HHIT records can cause `named` to terminate unexpectedly.\nThis issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can cause `named` to crash by sending a request that results in a corrupt or malicious record."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-21T14:43:27.260Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-13878",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-13878"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.18.44"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.18"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.17"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.44, 9.20.18, 9.21.17, 9.18.44-S1, or 9.20.18-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Malformed BRID/HHIT records can cause named to terminate unexpectedly",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-13878",
"datePublished": "2026-01-21T14:43:27.260Z",
"dateReserved": "2025-12-02T11:08:04.266Z",
"dateUpdated": "2026-01-21T18:13:38.157Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40780 (GCVE-0-2025-40780)
Vulnerability from cvelistv5 – Published: 2025-10-22 15:48 – Updated: 2025-11-04 21:10
VLAI?
Title
Cache poisoning due to weak PRNG
Summary
In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.
This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Severity ?
8.6 (High)
CWE
- CWE-341 - Predictable from Observable State
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.16.0 , ≤ 9.16.50
(custom)
Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.16.8-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom) |
Credits
ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:27:36.366032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:27:49.476Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:16.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.39",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.12",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.39-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from Hebrew University of Jerusalem for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "BIND can be tricked into caching attacker responses, if the spoofing is successful."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-341",
"description": "CWE-341 Predictable from Observable State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:48:27.146Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40780",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40780"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cache poisoning due to weak PRNG",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40780",
"datePublished": "2025-10-22T15:48:27.146Z",
"dateReserved": "2025-04-16T08:44:49.857Z",
"dateUpdated": "2025-11-04T21:10:16.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40778 (GCVE-0-2025-40778)
Vulnerability from cvelistv5 – Published: 2025-10-22 15:47 – Updated: 2026-02-26 16:57
VLAI?
Title
Cache poisoning attacks with unsolicited RRs
Summary
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Severity ?
8.6 (High)
CWE
- CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.11.0 , ≤ 9.16.50
(custom)
Affected: 9.18.0 , ≤ 9.18.39 (custom) Affected: 9.20.0 , ≤ 9.20.13 (custom) Affected: 9.21.0 , ≤ 9.21.12 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.39-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.13-S1 (custom) |
Credits
ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40778",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-07T04:56:12.747619Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T16:57:13.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/N3mes1s/f76b4a606308937b0806a5256bc1f918"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:14.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.39",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.12",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.39-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan from Tsinghua University for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Forged records can be injected into cache during a query, which can potentially affect resolution of future queries."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:47:13.243Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40778",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40778"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cache poisoning attacks with unsolicited RRs",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40778",
"datePublished": "2025-10-22T15:47:13.243Z",
"dateReserved": "2025-04-16T08:44:49.857Z",
"dateUpdated": "2026-02-26T16:57:13.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8677 (GCVE-0-2025-8677)
Vulnerability from cvelistv5 – Published: 2025-10-22 15:43 – Updated: 2025-11-04 21:15
VLAI?
Title
Resource exhaustion via malformed DNSKEY handling
Summary
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.
This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1.
Severity ?
7.5 (High)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8677",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-22T17:29:14.290863Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T17:29:39.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:15:09.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/10/22/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.39",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.12",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.39-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.13-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One Security and Privacy Laboratory at Nankai University for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-10-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker could overwhelm the server, significantly impacting performance and leading to denial of service for legitimate clients."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T15:43:10.369Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-8677",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-8677"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.41, 9.20.15, 9.21.14, 9.18.41-S1, or 9.20.15-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Resource exhaustion via malformed DNSKEY handling",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-8677",
"datePublished": "2025-10-22T15:43:10.369Z",
"dateReserved": "2025-08-06T17:32:34.755Z",
"dateUpdated": "2025-11-04T21:15:09.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40777 (GCVE-0-2025-40777)
Vulnerability from cvelistv5 – Published: 2025-07-16 17:38 – Updated: 2025-11-04 21:10
VLAI?
Title
A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
Summary
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:25:41.033326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:25:48.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:12.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/16/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.10",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.9",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.10-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.37",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.37-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If an attacker is able to make queries that yield the necessary combination of circumstances, they can force `named` to exit."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T17:38:06.370Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40777",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40777"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.11, 9.21.10, or 9.20.11-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A possible assertion failure when \u0027stale-answer-client-timeout\u0027 is set to \u00270\u0027",
"workarounds": [
{
"lang": "en",
"value": "Setting either of `stale-answer-client-timeout off;` or `stale-answer-enable no;` in the configuration file will prevent the assertion."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40777",
"datePublished": "2025-07-16T17:38:06.370Z",
"dateReserved": "2025-04-16T08:44:49.856Z",
"dateUpdated": "2025-11-04T21:10:12.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-40776 (GCVE-0-2025-40776)
Vulnerability from cvelistv5 – Published: 2025-07-16 13:41 – Updated: 2025-07-22 14:55
VLAI?
Title
Birthday Attack against Resolvers supporting ECS
Summary
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.
This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1.
Severity ?
8.6 (High)
CWE
- CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Xiang Li from AOSP Lab of Nankai University for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40776",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T14:54:56.292632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:55:04.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.37-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.10-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.10",
"status": "unaffected",
"version": "9.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Xiang Li from AOSP Lab of Nankai University for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.\nThis issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A resolver configured to send ECS options to authoritative servers can be compelled to make queries that slightly increase the odds of guessing the source port and other details necessary to bypass the original birthday cache poisoning attack mitigations. As a result of this weakness, a resolver with ECS enabled is more vulnerable to successful cache poisoning via spoofed query responses than one that does not implement this feature."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-349",
"description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T13:41:01.337Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40776",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40776"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.38-S1 or 9.20.11-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Birthday Attack against Resolvers supporting ECS",
"workarounds": [
{
"lang": "en",
"value": "Disable ECS in BIND by removing the `ecs-zones` option from `named.conf`."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40776",
"datePublished": "2025-07-16T13:41:01.337Z",
"dateReserved": "2025-04-16T08:44:49.856Z",
"dateUpdated": "2025-07-22T14:55:04.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40775 (GCVE-0-2025-40775)
Vulnerability from cvelistv5 – Published: 2025-05-21 12:35 – Updated: 2025-05-23 13:11
VLAI?
Title
DNS message with invalid TSIG causes an assertion failure
Summary
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7.
Severity ?
7.5 (High)
CWE
- CWE-232 - Improper Handling of Undefined Values
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T13:19:58.662181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T13:20:18.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-05-23T13:11:08.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/21/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250523-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.8",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.7",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial-of-service. By sending specific messages to the server, an attacker can cause `named` to terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-232",
"description": "CWE-232 Improper Handling of Undefined Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T12:35:01.862Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2025-40775",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2025-40775"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.9 or 9.21.8."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "DNS message with invalid TSIG causes an assertion failure",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2025-40775",
"datePublished": "2025-05-21T12:35:01.862Z",
"dateReserved": "2025-04-16T08:44:49.856Z",
"dateUpdated": "2025-05-23T13:11:08.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12705 (GCVE-0-2024-12705)
Vulnerability from cvelistv5 – Published: 2025-01-29 21:40 – Updated: 2025-02-07 17:02
VLAI?
Title
DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
Summary
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.
This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Jean-François Billaud for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12705",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:25:35.856020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:27:00.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-07T17:02:44.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250207-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.32",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.4",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.3",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.32-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Jean-Fran\u00e7ois Billaud for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver\u0027s CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This would significantly impair the resolver\u0027s performance and effectively deny legitimate clients access to the DNS resolution service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T21:40:27.839Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-12705",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-12705"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DNS-over-HTTPS implementation suffers from multiple issues under heavy query load",
"workarounds": [
{
"lang": "en",
"value": "The issue affects only the DNS-over-HTTPS protocol and does not apply to instances where DoH is not enabled."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-12705",
"datePublished": "2025-01-29T21:40:27.839Z",
"dateReserved": "2024-12-17T14:25:50.907Z",
"dateUpdated": "2025-02-07T17:02:44.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11187 (GCVE-0-2024-11187)
Vulnerability from cvelistv5 – Published: 2025-01-29 21:40 – Updated: 2025-02-11 19:02
VLAI?
Title
Many records in the additional section cause CPU exhaustion
Summary
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
Severity ?
7.5 (High)
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.11.0 , ≤ 9.11.37
(custom)
Affected: 9.16.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.32 (custom) Affected: 9.20.0 , ≤ 9.20.4 (custom) Affected: 9.21.0 , ≤ 9.21.3 (custom) Affected: 9.11.3-S1 , ≤ 9.11.37-S1 (custom) Affected: 9.16.8-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.32-S1 (custom) |
Credits
ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11187",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T15:27:46.174106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T15:27:58.342Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-11T19:02:32.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250207-0002/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.32",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.4",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.3",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.32-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."
}
],
"datePublic": "2025-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A `named` instance vulnerable to this issue can be compelled to consume excessive CPU resources up to the point where exhaustion of resources effectively prevents the server from responding to other client queries. This issue is most likely to affect resolvers but could also degrade authoritative server performance."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T21:40:11.942Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-11187",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-11187"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.33, 9.20.5, 9.21.4, or 9.18.33-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Many records in the additional section cause CPU exhaustion",
"workarounds": [
{
"lang": "en",
"value": "Setting option `minimal-responses yes;` provides an effective workaround."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-11187",
"datePublished": "2025-01-29T21:40:11.942Z",
"dateReserved": "2024-11-13T17:20:48.660Z",
"dateUpdated": "2025-02-11T19:02:32.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4076 (GCVE-0-2024-4076)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:40 – Updated: 2025-02-13 17:53
VLAI?
Title
Assertion failure when serving both stale cache data and authoritative zone content
Summary
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
Credits
ISC would like to thank Daniel Stränger for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-s1",
"status": "affected",
"version": "9.11.33-s1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-s1",
"status": "affected",
"version": "9.16.13-s1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-s1",
"status": "affected",
"version": "9.18.11-s1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T15:10:37.488270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:47:06.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:51.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240731-0001/"
},
{
"name": "CVE-2024-4076",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2024-4076"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.33-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.16.13-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A `named` instance vulnerable to this logic error may terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T11:05:58.936Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-4076",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-4076"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Assertion failure when serving both stale cache data and authoritative zone content",
"workarounds": [
{
"lang": "en",
"value": "Disabling serve-stale answers mitigates this issue."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-4076",
"datePublished": "2024-07-23T14:40:57.256Z",
"dateReserved": "2024-04-23T13:59:44.699Z",
"dateUpdated": "2025-02-13T17:53:23.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1975 (GCVE-0-2024-1975)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:38 – Updated: 2025-02-13 17:32
VLAI?
Title
SIG(0) can be used to exhaust CPU resources
Summary
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.0.0 , ≤ 9.11.37
(custom)
Affected: 9.16.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.9.3-S1 , ≤ 9.11.37-S1 (custom) Affected: 9.16.8-S1 , ≤ 9.16.49-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.27-S1 (custom) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:9.0:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*",
"cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*",
"cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*",
"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.11.37",
"status": "affected",
"version": "9.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.49-s1",
"status": "affected",
"version": "9.16.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-s1",
"status": "affected",
"version": "9.18.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-s1",
"status": "affected",
"version": "9.9.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:12:04.527878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T20:08:56.485Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240731-0002/"
},
{
"name": "CVE-2024-1975",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2024-1975"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.9.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.49-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a server hosts a zone containing a \"KEY\" Resource Record, or a resolver DNSSEC-validates a \"KEY\" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.\nThis issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Depletion of available CPU resources may cause BIND to become unresponsive."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T11:05:55.761Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-1975",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-1975"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "SIG(0) can be used to exhaust CPU resources",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-1975",
"datePublished": "2024-07-23T14:38:57.143Z",
"dateReserved": "2024-02-28T16:31:07.894Z",
"dateUpdated": "2025-02-13T17:32:28.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1737 (GCVE-0-2024-1737)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:34 – Updated: 2025-02-13 17:32
VLAI?
Title
BIND's database will be slow if a very large number of RRs exist at the same name
Summary
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.11.0 , ≤ 9.11.37
(custom)
Affected: 9.16.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.11.4-S1 , ≤ 9.11.37-S1 (custom) Affected: 9.16.8-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.27-S1 (custom) |
Credits
ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.11.4:s1:*:*:supported_preview:*:*:*",
"cpe:2.3:a:isc:bind:9.16.0:*:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*",
"cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*",
"cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*",
"cpe:2.3:a:isc:bind:9.19.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.11.37",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.11.4",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.16.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37_s1",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50_s1",
"status": "affected",
"version": "9.18.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27_s1",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T17:27:11.436620Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T17:35:12.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240731-0003/"
},
{
"name": "CVE-2024-1737",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2024-1737"
},
{
"name": "RRset limits in zones",
"tags": [
"related",
"x_transferred"
],
"url": "https://kb.isc.org/docs/rrset-limits-in-zones"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.4-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Toshifumi Sakaguchi for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.\nThis issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Processing of queries may be slowed down by a factor of 100."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T11:05:54.006Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-1737",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-1737"
},
{
"name": "RRset limits in zones",
"tags": [
"related"
],
"url": "https://kb.isc.org/docs/rrset-limits-in-zones"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "BIND\u0027s database will be slow if a very large number of RRs exist at the same name",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-1737",
"datePublished": "2024-07-23T14:34:09.750Z",
"dateReserved": "2024-02-22T10:11:43.508Z",
"dateUpdated": "2025-02-13T17:32:25.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0760 (GCVE-0-2024-0760)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:26 – Updated: 2025-02-13 17:27
VLAI?
Title
A flood of DNS messages over TCP may make the server unstable
Summary
A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack.
This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1.
Severity ?
7.5 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-s1",
"status": "affected",
"version": "9.18.11-s1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T16:02:34.286057Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T20:36:51.162Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.515Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240731-0004/"
},
{
"name": "CVE-2024-0760",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2024-0760"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. \nThis issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "The server can become unresponsive until sometime after the attack ends."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T11:05:57.323Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-0760",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-0760"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A flood of DNS messages over TCP may make the server unstable",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-0760",
"datePublished": "2024-07-23T14:26:54.983Z",
"dateReserved": "2024-01-19T20:26:52.962Z",
"dateUpdated": "2025-02-13T17:27:19.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6516 (GCVE-0-2023-6516)
Vulnerability from cvelistv5 – Published: 2024-02-13 14:05 – Updated: 2025-02-13 17:26
VLAI?
Title
Specific recursive query patterns may lead to an out-of-memory condition
Summary
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.
This issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1.
Severity ?
7.5 (High)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
Impacted products
Credits
ISC would like to thank Infoblox for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-s1",
"status": "affected",
"version": "9.16.8-s1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6516",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T16:01:15.527012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T16:35:10.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:35:13.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-6516",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-6516"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240503-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Infoblox for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in a timely manner. This in turn enables the list of queued cleanup events to grow infinitely large over time, allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.45 and 9.16.8-S1 through 9.16.45-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By exploiting this flaw, an attacker can cause the amount of memory used by a `named` resolver to go well beyond the configured `max-cache-size` limit. The effectiveness of the attack depends on a number of environmental factors, but in the worst case the attacker can exhaust all available memory on the host running `named`, leading to a denial-of-service condition."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T13:06:07.107Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-6516",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-6516"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240503-0008/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48 or 9.16.48-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Specific recursive query patterns may lead to an out-of-memory condition",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-6516",
"datePublished": "2024-02-13T14:05:28.933Z",
"dateReserved": "2023-12-05T10:44:59.435Z",
"dateUpdated": "2025-02-13T17:26:26.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5680 (GCVE-0-2023-5680)
Vulnerability from cvelistv5 – Published: 2024-02-13 14:05 – Updated: 2025-03-17 15:04
VLAI?
Title
Cleaning an ECS-enabled cache may cause excessive CPU load
Summary
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Severity ?
5.3 (Medium)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
ISC would like to thank Yann Kerherve and Ask Bjørn Hansen for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5680",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T18:02:52.507926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T15:04:41.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-5680",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240503-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Yann Kerherve and Ask Bj\u00f8rn Hansen for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. \nThis issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to a resolver, an attacker can degrade `named`\u0027s query-handling performance. In the worst-case scenario, a resolver can become entirely unresponsive."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T13:06:10.608Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-5680",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-5680"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240503-0005/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48-S1 or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cleaning an ECS-enabled cache may cause excessive CPU load",
"workarounds": [
{
"lang": "en",
"value": "There is no workaround for this issue other than disabling the ECS feature entirely."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-5680",
"datePublished": "2024-02-13T14:05:19.783Z",
"dateReserved": "2023-10-20T11:13:31.862Z",
"dateUpdated": "2025-03-17T15:04:41.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5679 (GCVE-0-2023-5679)
Vulnerability from cvelistv5 – Published: 2024-02-13 14:05 – Updated: 2025-03-28 23:51
VLAI?
Title
Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution
Summary
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.
This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T19:24:41.299409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T23:51:12.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-5679",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-5679"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.16.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.19",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.12-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By querying a DNS64-enabled resolver for domain names triggering serve-stale, an attacker can cause `named` to crash with an assertion failure."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:07:08.838Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-5679",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-5679"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0002/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution",
"workarounds": [
{
"lang": "en",
"value": "Disabling serve-stale (with `stale-cache-enable no;` and `stale-answer-enable no;`) and/or disabling `dns64` makes the faulty code path impossible to reach, preventing this flaw from being exploitable."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-5679",
"datePublished": "2024-02-13T14:05:06.688Z",
"dateReserved": "2023-10-20T11:00:26.909Z",
"dateUpdated": "2025-03-28T23:51:12.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5517 (GCVE-0-2023-5517)
Vulnerability from cvelistv5 – Published: 2024-02-13 14:04 – Updated: 2025-02-13 17:25
VLAI?
Title
Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled
Summary
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Severity ?
7.5 (High)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-5517",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-5517"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240503-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind_9:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bind_9",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.19",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:32:01.260266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:56:51.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.12.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.19",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If both of the above conditions are met, a single suitable query will cause `named` to crash."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T13:06:16.924Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-5517",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-5517"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240503-0006/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled",
"workarounds": [
{
"lang": "en",
"value": "Disabling the `nxdomain-redirect` feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-5517",
"datePublished": "2024-02-13T14:04:54.389Z",
"dateReserved": "2023-10-11T07:02:42.359Z",
"dateUpdated": "2025-02-13T17:25:39.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4408 (GCVE-0-2023-4408)
Vulnerability from cvelistv5 – Published: 2024-02-13 14:04 – Updated: 2025-03-14 16:16
VLAI?
Title
Parsing large DNS messages may cause excessive CPU load
Summary
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Severity ?
7.5 (High)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4408",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T20:37:05.447060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T16:16:25.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-4408",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-4408"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240426-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.45",
"status": "affected",
"version": "9.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.19",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.9.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.45-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.21-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.\nThis issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By flooding the target server with queries exploiting this flaw an attacker can significantly impair the server\u0027s performance, effectively denying legitimate clients access to the DNS resolution service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-04-26T09:06:37.227Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-4408",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-4408"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/13/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240426-0001/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Parsing large DNS messages may cause excessive CPU load",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-4408",
"datePublished": "2024-02-13T14:04:17.519Z",
"dateReserved": "2023-08-18T07:59:28.420Z",
"dateUpdated": "2025-03-14T16:16:25.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4236 (GCVE-0-2023-4236)
Vulnerability from cvelistv5 – Published: 2023-09-20 12:32 – Updated: 2025-02-13 17:09
VLAI?
Title
named may terminate unexpectedly under high DNS-over-TLS query load
Summary
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.
This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
ISC would like to thank Robert Story from the USC/ISI DNS root server operations team for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:03.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-4236",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-4236"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5504"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231013-0004/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.18.18",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.18-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Robert Story from the USC/ISI DNS root server operations team for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A `named` instance vulnerable to this flaw may terminate unexpectedly when subjected to significant DNS-over-TLS query load.\n\nThis flaw does not affect DNS-over-HTTPS code, as that uses a different TLS implementation."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-11-03T20:06:12.271Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-4236",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-4236"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
},
{
"url": "https://www.debian.org/security/2023/dsa-5504"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0004/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.19 or 9.18.19-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "named may terminate unexpectedly under high DNS-over-TLS query load",
"workarounds": [
{
"lang": "en",
"value": "Disabling listening for DNS-over-TLS connections (by removing `listen-on ... tls ... { ... };` statements from the configuration) prevents the affected code paths from being taken, rendering exploitation impossible. However, there is no workaround for this flaw if DNS-over-TLS support is required."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-4236",
"datePublished": "2023-09-20T12:32:16.631Z",
"dateReserved": "2023-08-08T10:23:50.680Z",
"dateUpdated": "2025-02-13T17:09:18.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3341 (GCVE-0-2023-3341)
Vulnerability from cvelistv5 – Published: 2023-09-20 12:32 – Updated: 2025-12-02 20:15
VLAI?
Title
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
Summary
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
Severity ?
7.5 (High)
CWE
- CWE-1325 - Improperly Controlled Sequential Memory Allocation
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
Credits
ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:55:03.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-3341",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-3341"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5504"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231013-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-03T16:03:26.539822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1325",
"description": "CWE-1325 Improperly Controlled Sequential Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T20:15:58.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.43",
"status": "affected",
"version": "9.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.18",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.16",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.43-S1",
"status": "affected",
"version": "9.9.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.18-S1",
"status": "affected",
"version": "9.18.0-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-09-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel\u0027s configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending a specially crafted message over the control channel, an attacker can cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. However, the attack only works in environments where the stack size available to each process/thread is small enough; the exact threshold depends on multiple factors and is therefore impossible to specify universally."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-01-31T00:06:17.912Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-3341",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-3341"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/20/2"
},
{
"url": "https://www.debian.org/security/2023/dsa-5504"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0003/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, or 9.18.19-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly",
"workarounds": [
{
"lang": "en",
"value": "By default, `named` only allows control-channel connections over the loopback interface, making this attack impossible to carry out over the network. When enabling remote access to the control channel\u0027s configured TCP port, care should be taken to limit such access to trusted IP ranges on the network level, effectively preventing unauthorized parties from carrying out the attack described in this advisory."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-3341",
"datePublished": "2023-09-20T12:32:03.073Z",
"dateReserved": "2023-06-20T16:19:13.104Z",
"dateUpdated": "2025-12-02T20:15:58.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-2911 (GCVE-0-2023-2911)
Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:49
VLAI?
Title
Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0
Summary
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.
This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:41:03.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-2911",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-2911"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5439"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:32:18.833805Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:32:26.092Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.41",
"status": "affected",
"version": "9.16.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.15",
"status": "affected",
"version": "9.18.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.41-S1",
"status": "affected",
"version": "9.16.33-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.15-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow.\nThis issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "This flaw was discovered in internal testing. We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T15:06:21.382Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-2911",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-2911"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5439"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42, 9.18.16, 9.16.42-S1, or 9.18.16-S1."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0",
"workarounds": [
{
"lang": "en",
"value": "Setting `stale-answer-client-timeout` to `off` or to a non-zero value prevents the issue.\n\nUsers of versions 9.18.10, 9.16.36, 9.16.36-S1 or older who are unable to upgrade should set `stale-answer-client-timeout` to `off`; using a non-zero value with these older versions leaves `named` vulnerable to CVE-2022-3924.\n\nAlthough it is possible to set the `recursive-clients` limit to a high number to reduce the likelihood of this scenario, this is not recommended; the limit on `recursive-clients` is important for preventing exhaustion of server resources. The limit cannot be disabled entirely."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-2911",
"datePublished": "2023-06-21T16:26:36.587Z",
"dateReserved": "2023-05-26T11:20:45.872Z",
"dateUpdated": "2025-02-13T16:49:00.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2829 (GCVE-0-2023-2829)
Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:48
VLAI?
Title
Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled
Summary
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.
This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-2829",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-2829"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:34:26.527193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:34:46.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.41-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.15-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Greg Kuechle from SaskTel for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record.\nThis issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to the resolver, an attacker can cause `named` to terminate unexpectedly.\n\nNote that the BIND configuration option `synth-from-dnssec` is enabled by default in all versions of BIND 9.18 and 9.18-S and newer. In earlier versions of BIND that had this option available, it was disabled unless activated explicitly in `named.conf`."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T15:06:24.821Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-2829",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-2829"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42-S1 or 9.18.16-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled",
"workarounds": [
{
"lang": "en",
"value": "Setting `synth-from-dnssec` to `no` prevents the problem."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-2829",
"datePublished": "2023-06-21T16:26:24.932Z",
"dateReserved": "2023-05-22T07:57:43.061Z",
"dateUpdated": "2025-02-13T16:48:38.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2828 (GCVE-0-2023-2828)
Vulnerability from cvelistv5 – Published: 2023-06-21 16:26 – Updated: 2025-02-13 16:48
VLAI?
Title
named's configured cache size limit can be significantly exceeded
Summary
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.
It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.
This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.
Severity ?
7.5 (High)
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2023-2828",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2023-2828"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5439"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T18:36:28.183787Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-06T18:36:35.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.41",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.15",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.13",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.41-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.15-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Shoham Danino from Reichman University, Anat Bremler-Barr from Tel-Aviv University, Yehuda Afek from Tel-Aviv University, and Yuval Shavitt from Tel-Aviv University for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-06-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.\n\nIt has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded.\nThis issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By exploiting this flaw, an attacker can cause the amount of memory used by a `named` resolver to go well beyond the configured `max-cache-size` limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the `max-cache-size` statement is `90%`, in the worst case the attacker can exhaust all available memory on the host running `named`, leading to a denial-of-service condition."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T11:06:10.654Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2023-2828",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2023-2828"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/21/6"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/"
},
{
"url": "https://www.debian.org/security/2023/dsa-5439"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0010/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.42, 9.18.16, 9.19.14, 9.16.42-S1, or 9.18.16-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "named\u0027s configured cache size limit can be significantly exceeded",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2023-2828",
"datePublished": "2023-06-21T16:26:07.096Z",
"dateReserved": "2023-05-22T07:57:41.362Z",
"dateUpdated": "2025-02-13T16:48:38.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3924 (GCVE-0-2022-3924)
Vulnerability from cvelistv5 – Published: 2023-01-25 21:39 – Updated: 2025-03-31 13:58
VLAI?
Title
named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota
Summary
This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero.
If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:58.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2022-3924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-3924"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T13:57:22.736047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T13:58:09.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.36",
"status": "affected",
"version": "9.16.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.10",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.8",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.36-S1",
"status": "affected",
"version": "9.16.12-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Maksym Odinintsev from AWS for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero.\n\nIf the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to the resolver, an attacker can cause `named` to crash."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2022-3924",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-3924"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota",
"workarounds": [
{
"lang": "en",
"value": "Disabling `stale-answer-client-timeout` entirely or setting the timeout value to zero prevents the problem.\n\nIt is not possible to disable the limit on `recursive-clients`, though it could be set to a very high value in order to reduce the likelihood of encountering this scenario. However, this is not recommended as the limit on recursive clients is important for preventing exhaustion of server resources."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-3924",
"datePublished": "2023-01-25T21:39:49.110Z",
"dateReserved": "2022-11-10T09:07:37.642Z",
"dateUpdated": "2025-03-31T13:58:09.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3736 (GCVE-0-2022-3736)
Vulnerability from cvelistv5 – Published: 2023-01-25 21:39 – Updated: 2025-04-01 14:10
VLAI?
Title
named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries
Summary
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.
This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Niño from Fundación Sarenet) for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:20:57.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2022-3736",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-3736"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T14:10:30.864635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:10:47.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.36",
"status": "affected",
"version": "9.16.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.10",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.8",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.36-S1",
"status": "affected",
"version": "9.16.12-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Borja Marcos from Sarenet (with assistance by Iratxe Ni\u00f1o from Fundaci\u00f3n Sarenet) for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query.\nThis issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By sending specific queries to the resolver, an attacker can cause `named` to crash."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2022-3736",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-3736"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries",
"workarounds": [
{
"lang": "en",
"value": "Setting `stale-answer-client-timeout` to `0` or to `off/disabled` will prevent BIND from crashing due to this issue."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-3736",
"datePublished": "2023-01-25T21:39:18.187Z",
"dateReserved": "2022-10-28T07:04:32.966Z",
"dateUpdated": "2025-04-01T14:10:47.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3488 (GCVE-0-2022-3488)
Vulnerability from cvelistv5 – Published: 2023-01-25 21:37 – Updated: 2025-04-01 14:12
VLAI?
Title
named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries
Summary
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure.
'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name.
This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Infoblox for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2022-3488",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-3488"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T14:12:10.800058Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T14:12:27.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.4-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.36-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Infoblox for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure.\n\n\u0027Broken\u0027 in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name.\nThis issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker controlling a malicious nameserver could respond with two responses in quick succession, each with a \"CLIENT-SUBNET\" pseudo-option and where the first is broken. Processing the second response after the first causes named to terminate.\n\nAll affected versions of the BIND Supported Preview Edition are vulnerable, including those that are not configured to use ECS."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2022-3488",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-3488"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-3488",
"datePublished": "2023-01-25T21:37:47.872Z",
"dateReserved": "2022-10-13T11:13:40.533Z",
"dateUpdated": "2025-04-01T14:12:27.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3094 (GCVE-0-2022-3094)
Vulnerability from cvelistv5 – Published: 2023-01-25 21:34 – Updated: 2025-04-01 13:48
VLAI?
Title
An UPDATE message flood may cause named to exhaust all available memory
Summary
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.
Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.
If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.
BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16.
This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
Credits
ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CVE-2022-3094",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2022-3094"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3094",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T13:48:11.170392Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T13:48:37.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.36",
"status": "affected",
"version": "9.16.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.10",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.8",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.36-S1",
"status": "affected",
"version": "9.16.8-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Rob Schulhof from Infoblox for bringing this vulnerability to our attention."
}
],
"datePublic": "2023-01-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited.\n\nMemory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes.\n\nIf a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome.\n\nBIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don\u0027t intend to address this for BIND versions prior to BIND 9.16.\nThis issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "By flooding the target server with UPDATE requests, the attacker can exhaust all available memory on that server."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-26T06:03:10.975Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2022-3094",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2022-3094"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.37, 9.18.11, 9.19.9, or 9.16.37-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "An UPDATE message flood may cause named to exhaust all available memory",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2022-3094",
"datePublished": "2023-01-25T21:34:52.983Z",
"dateReserved": "2022-09-02T10:25:47.183Z",
"dateUpdated": "2025-04-01T13:48:37.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6476 (GCVE-0-2019-6476)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:17 – Updated: 2024-09-16 16:58
VLAI?
Title
An error in QNAME minimization code can cause BIND to exit with an assertion failure
Summary
A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
Severity ?
5.9 (Medium)
CWE
- An attacker who manages to deliberately trigger this condition on a server which is performing recursion can cause named to exit, denying service to clients.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:20.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.14.0 up to 9.14.6"
},
{
"status": "affected",
"version": "9.15.0 up to 9.15.4"
}
]
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker who manages to deliberately trigger this condition on a server which is performing recursion can cause named to exit, denying service to clients.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T20:06:56.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "USER"
},
"title": "An error in QNAME minimization code can cause BIND to exit with an assertion failure",
"workarounds": [
{
"lang": "en",
"value": "ervers which have QNAME minimization turned on are potentially vulnerable to this defect if they are running an affected version of BIND. The vulnerability can be avoided by disabling QNAME minimization using \"qname-minimization disabled;\" in the global options section of named.conf (Note: the default value for the qname-minimization setting in the 9.14 and 9.15 branches is \"relaxed\". To make use of this workaround it must be explicitly disabled.)"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-10-16T17:36:53.000Z",
"ID": "CVE-2019-6476",
"STATE": "PUBLIC",
"TITLE": "An error in QNAME minimization code can cause BIND to exit with an assertion failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.14.0 up to 9.14.6"
},
{
"version_value": "9.15.0 up to 9.15.4"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who manages to deliberately trigger this condition on a server which is performing recursion can cause named to exit, denying service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6476",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6476"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191024-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"name": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "ervers which have QNAME minimization turned on are potentially vulnerable to this defect if they are running an affected version of BIND. The vulnerability can be avoided by disabling QNAME minimization using \"qname-minimization disabled;\" in the global options section of named.conf (Note: the default value for the qname-minimization setting in the 9.14 and 9.15 branches is \"relaxed\". To make use of this workaround it must be explicitly disabled.)"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6476",
"datePublished": "2019-10-17T19:17:39.240Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:58:26.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6475 (GCVE-0-2019-6475)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:17 – Updated: 2024-09-16 17:54
VLAI?
Title
A flaw in mirror zone validity checking can allow zone data to be spoofed
Summary
Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker's choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.
Severity ?
5.9 (Medium)
CWE
- An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "9.14.0 up to 9.14.6"
},
{
"status": "affected",
"version": "9.15.0 up to 9.15.4"
}
]
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker\u0027s choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T20:06:57.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "A flaw in mirror zone validity checking can allow zone data to be spoofed",
"workarounds": [
{
"lang": "en",
"value": "The vulnerability can be avoided by not using mirror zones."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-10-16T17:36:45.000Z",
"ID": "CVE-2019-6475",
"STATE": "PUBLIC",
"TITLE": "A flaw in mirror zone validity checking can allow zone data to be spoofed"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_value": "9.14.0 up to 9.14.6"
},
{
"version_value": "9.15.0 up to 9.15.4"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via traditional recursion, and when mirror zone data cannot be validated, BIND falls back to using traditional recursion instead of the mirror zone. However, an error in the validity checks for the incoming zone data can allow an on-path attacker to replace zone data that was validated with a configured trust anchor with forged data of the attacker\u0027s choosing. The mirror zone feature is most often used to serve a local copy of the root zone. If an attacker was able to insert themselves into the network path between a recursive server using a mirror zone and a root name server, this vulnerability could then be used to cause the recursive server to accept a copy of falsified root zone data. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An on-path attacker who manages to successfully exploit this vulnerability can replace the mirrored zone (usually the root) with data of their own choosing, effectively bypassing DNSSEC protection."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6475",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6475"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191024-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191024-0004/"
},
{
"name": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K42238532?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n + BIND 9.14.7\n + BIND 9.15.5"
}
],
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "The vulnerability can be avoided by not using mirror zones."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6475",
"datePublished": "2019-10-17T19:17:36.355Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:54:52.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6471 (GCVE-0-2019-6471)
Vulnerability from cvelistv5 – Published: 2019-10-09 14:17 – Updated: 2024-09-17 01:56
VLAI?
Title
A race condition when discarding malformed packets can cause BIND to exit with an assertion failure
Summary
A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -> 9.11.7-S1.
Severity ?
5.9 (Medium)
CWE
- An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
ISC would like to thank CERN for helping us to discover this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:21.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2019-6471"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K10092301?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"status": "affected",
"version": "BIND 9.11.0 -\u003e 9.11.7, 9.12.0 -\u003e 9.12.4-P1, 9.14.0 -\u003e 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -\u003e 9.11.7-S1."
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank CERN for helping us to discover this issue."
}
],
"datePublic": "2019-06-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -\u003e 9.11.7, 9.12.0 -\u003e 9.12.4-P1, 9.14.0 -\u003e 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -\u003e 9.11.7-S1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-09T19:07:11.000Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kb.isc.org/docs/cve-2019-6471"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K10092301?utm_source=f5support\u0026amp%3Butm_medium=RSS"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.8\n BIND 9.12.4-P2\n BIND 9.14.3\n BIND 9.15.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.8-S1"
}
],
"source": {
"discovery": "USER"
},
"title": "A race condition when discarding malformed packets can cause BIND to exit with an assertion failure",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2019-06-19T23:00:00.000Z",
"ID": "CVE-2019-6471",
"STATE": "PUBLIC",
"TITLE": "A race condition when discarding malformed packets can cause BIND to exit with an assertion failure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_name": "BIND 9",
"version_value": "BIND 9.11.0 -\u003e 9.11.7, 9.12.0 -\u003e 9.12.4-P1, 9.14.0 -\u003e 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -\u003e 9.11.7-S1."
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank CERN for helping us to discover this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -\u003e 9.11.7, 9.12.0 -\u003e 9.12.4-P1, 9.14.0 -\u003e 9.14.2. Also all releases of the BIND 9.13 development branch and version 9.15.0 of the BIND 9.15 development branch and BIND Supported Preview Edition versions 9.11.3-S1 -\u003e 9.11.7-S1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker who can cause a resolver to perform queries which will be answered by a server which responds with deliberately malformed answers can cause named to exit, denying service to clients."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.isc.org/docs/cve-2019-6471",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/cve-2019-6471"
},
{
"name": "https://support.f5.com/csp/article/K10092301?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K10092301?utm_source=f5support\u0026amp;utm_medium=RSS"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n BIND 9.11.8\n BIND 9.12.4-P2\n BIND 9.14.3\n BIND 9.15.1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9.11.8-S1"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2019-6471",
"datePublished": "2019-10-09T14:17:14.566Z",
"dateReserved": "2019-01-16T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:56:17.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}