Vulnerabilities > ISC > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-21 | CVE-2022-2881 | Out-of-bounds Read vulnerability in ISC Bind The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | 8.2 |
| 2022-09-21 | CVE-2022-2906 | Memory Leak vulnerability in ISC Bind An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. | 7.5 |
| 2022-09-21 | CVE-2022-38177 | Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. | 7.5 |
| 2022-09-21 | CVE-2022-38178 | Memory Leak vulnerability in multiple products By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. | 7.5 |
| 2022-09-21 | CVE-2022-3080 | By sending specific queries to the resolver, an attacker can cause named to crash. | 7.5 |
| 2022-05-19 | CVE-2022-1183 | Reachable Assertion vulnerability in multiple products On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. | 7.5 |
| 2022-03-23 | CVE-2022-0635 | Reachable Assertion vulnerability in multiple products Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | 7.5 |
| 2022-03-22 | CVE-2022-0667 | Reachable Assertion vulnerability in multiple products When the vulnerability is triggered the BIND process will exit. | 7.5 |
| 2021-08-18 | CVE-2021-25218 | Reachable Assertion vulnerability in multiple products In BIND 9.16.19, 9.17.16. | 7.5 |
| 2021-05-26 | CVE-2021-25217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. | 7.4 |