Vulnerabilities > ISC > Bind > 9.11.37
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-3488 | Reachable Assertion vulnerability in ISC Bind Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1. | 7.5 |
| 2022-09-21 | CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. | 5.3 |
| 2022-09-21 | CVE-2022-38177 | Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. | 7.5 |
| 2022-09-21 | CVE-2022-38178 | Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. | 7.5 |
| 2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. | 7.5 |