Vulnerabilities > ISC > Bind > 9.16.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2022-3924 | Reachable Assertion vulnerability in ISC Bind This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. | 7.5 |
| 2023-01-26 | CVE-2022-3094 | Use After Free vulnerability in ISC Bind Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. | 7.5 |
| 2023-01-26 | CVE-2022-3736 | Unspecified vulnerability in ISC Bind BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. | 7.5 |
| 2022-09-21 | CVE-2022-38178 | Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. | 7.5 |
| 2022-09-21 | CVE-2022-3080 | By sending specific queries to the resolver, an attacker can cause named to crash. | 7.5 |
| 2022-03-23 | CVE-2022-0396 | Improper Resource Shutdown or Release vulnerability in multiple products BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. | 5.3 |
| 2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. | 7.5 |