Vulnerabilities > ISC > Bind

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2024-02-13 CVE-2023-4408 The DNS message parsing code in `named` includes a section whose computational complexity is overly high.
network
low complexity
netapp fedoraproject isc
7.5
2024-02-13 CVE-2023-5517 Reachable Assertion vulnerability in multiple products
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc CWE-617
7.5
2024-02-13 CVE-2023-5679 A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
network
low complexity
netapp fedoraproject isc
7.5
2024-02-13 CVE-2023-5680 If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
network
low complexity
isc netapp
5.3
2024-02-13 CVE-2023-6516 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database.
network
low complexity
isc netapp CWE-770
7.5
2023-09-20 CVE-2023-3341 Out-of-bounds Write vulnerability in multiple products
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing.
network
low complexity
isc fedoraproject debian CWE-787
7.5
2023-09-20 CVE-2023-4236 Reachable Assertion vulnerability in multiple products
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.
network
low complexity
isc fedoraproject debian netapp CWE-617
7.5
2023-06-21 CVE-2023-2828 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.
network
low complexity
isc debian fedoraproject netapp CWE-770
7.5
2023-06-21 CVE-2023-2829 A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.
network
low complexity
isc netapp
7.5