| Bug | Description |
|---|
| CVE-2024-4076 | Client queries that trigger serving stale data and that also require l ... |
| CVE-2024-0760 | A malicious client can send many DNS messages over TCP, potentially ca ... |
| CVE-2023-50868 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ... |
| CVE-2023-50387 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ... |
| CVE-2023-6516 | To keep its cache database efficient, `named` running as a recursive r ... |
| CVE-2023-5680 | If a resolver cache has a very large number of ECS records stored for ... |
| CVE-2023-5679 | A bad interaction between DNS64 and serve-stale may cause `named` to c ... |
| CVE-2023-5517 | A flaw in query-handling code can cause `named` to exit prematurely wi ... |
| CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause ... |
| CVE-2023-3341 | The code that processes control channel messages sent to `named` calls ... |
| CVE-2023-2911 | If the `recursive-clients` quota is reached on a BIND 9 resolver confi ... |
| CVE-2023-2829 | A `named` instance configured to run as a DNSSEC-validating recursive ... |
| CVE-2023-2828 | Every `named` instance configured to run as a recursive resolver maint ... |
| CVE-2022-38178 | By spoofing the target resolver with responses that have a malformed E ... |
| CVE-2022-38177 | By spoofing the target resolver with responses that have a malformed E ... |
| CVE-2022-3924 | This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ... |
| CVE-2022-3736 | BIND 9 resolver can crash when stale cache and stale answers are enabl ... |
| CVE-2022-3488 | Processing of repeated responses to the same query, where both respons ... |
| CVE-2022-3080 | By sending specific queries to the resolver, an attacker can cause nam ... |
| CVE-2022-2906 | An attacker can leverage this flaw to gradually erode available memory ... |
| CVE-2022-2795 | By flooding the target resolver with queries exploiting this flaw an a ... |
| CVE-2022-1183 | On vulnerable configurations, the named daemon may, in some circumstan ... |
| CVE-2022-0667 | When the vulnerability is triggered the BIND process will exit. BIND 9 ... |
| CVE-2022-0635 | Versions affected: BIND 9.18.0 When a vulnerable version of named rece ... |
| CVE-2022-0396 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9 ... |
| CVE-2021-25220 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Support ... |
| CVE-2021-25219 | In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> ... |
| CVE-2021-25218 | In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ... |
| CVE-2021-25216 | In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3- ... |
| CVE-2021-25215 | In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S ... |
| CVE-2021-25214 | In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versi ... |
| CVE-2020-8625 | BIND servers are vulnerable if they are running an affected version an ... |
| CVE-2020-8624 | In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 ... |
| CVE-2020-8623 | In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also af ... |
| CVE-2020-8622 | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also aff ... |
| CVE-2020-8621 | In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured ... |
| CVE-2020-8620 | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establ ... |
| CVE-2020-8619 | In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, ... |
| CVE-2020-8618 | An attacker who is permitted to send zone data to a server via zone tr ... |
| CVE-2020-8617 | Using a specially-crafted message, an attacker may potentially cause a ... |
| CVE-2020-8616 | A malicious actor who intentionally exploits this lack of effective li ... |
| CVE-2019-6477 | With pipelining enabled each incoming query on a TCP connection requir ... |
| CVE-2019-6476 | A defect in code added to support QNAME minimization can cause named t ... |
| CVE-2019-6475 | Mirror zones are a BIND feature allowing recursive servers to pre-cach ... |
| CVE-2019-6471 | A race condition which may occur when discarding malformed packets can ... |
| CVE-2019-6469 | An error in the EDNS Client Subnet (ECS) feature for recursive resolve ... |
| CVE-2019-6468 | In BIND Supported Preview Edition, an error in the nxdomain-redirect f ... |
| CVE-2019-6467 | A programming error in the nxdomain-redirect feature can cause an asse ... |
| CVE-2019-6465 | Controls for zone transfers may not be properly applied to Dynamically ... |
| CVE-2018-5745 | "managed-keys" is a feature which allows a BIND resolver to automatica ... |
| CVE-2018-5744 | A failure to free memory can occur when processing messages having a s ... |
| CVE-2018-5743 | By design, BIND is intended to limit the number of TCP clients that ca ... |
| CVE-2018-5742 | While backporting a feature for a newer branch of BIND9, RedHat introd ... |
| CVE-2018-5740 | "deny-answer-aliases" is a little-used feature intended to help recurs ... |
| CVE-2018-5738 | Change #4777 (introduced in October 2017) introduced an unforeseen iss ... |
| CVE-2018-5737 | A problem with the implementation of the new serve-stale feature in BI ... |
| CVE-2018-5736 | An error in zone database reference counting can lead to an assertion ... |
| CVE-2018-5735 | The Debian backport of the fix for CVE-2017-3137 leads to assertion fa ... |
| CVE-2018-5734 | While handling a particular type of malformed packet BIND erroneously ... |
| CVE-2017-3145 | BIND was improperly sequencing cleanup operations on upstream recursio ... |
| CVE-2017-3143 | An attacker who is able to send and receive messages to an authoritati ... |
| CVE-2017-3142 | An attacker who is able to send and receive messages to an authoritati ... |
| CVE-2017-3141 | The BIND installer on Windows uses an unquoted service path which can ... |
| CVE-2017-3140 | If named is configured to use Response Policy Zones (RPZ) an error pro ... |
| CVE-2017-3139 | A denial of service flaw was found in the way BIND handled DNSSEC vali ... |
| CVE-2017-3138 | named contains a feature which allows operators to issue commands to a ... |
| CVE-2017-3137 | Mistaken assumptions about the ordering of records in the answer secti ... |
| CVE-2017-3136 | A query with a specific set of characteristics could cause a server us ... |
| CVE-2017-3135 | Under some conditions when using both DNS64 and RPZ to rewrite query r ... |
| CVE-2016-9778 | An error in handling certain queries can cause an assertion failure wh ... |
| CVE-2016-9444 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ... |
| CVE-2016-9147 | named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ... |
| CVE-2016-9131 | named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ... |
| CVE-2016-8864 | named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9. ... |
| CVE-2016-2848 | ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remo ... |
| CVE-2016-2776 | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ... |
| CVE-2016-2775 | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x befo ... |
| CVE-2016-2088 | resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ... |
| CVE-2016-1286 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allo ... |
| CVE-2016-1285 | named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ... |
| CVE-2016-1284 | rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9. ... |
| CVE-2015-8705 | buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ... |
| CVE-2015-8704 | apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.1 ... |
| CVE-2015-8461 | Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P ... |
| CVE-2015-8000 | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3 ... |
| CVE-2015-5986 | openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x ... |
| CVE-2015-5722 | buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9. ... |
| CVE-2015-5477 | named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allo ... |
| CVE-2015-4620 | name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9. ... |
| CVE-2015-1349 | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x befor ... |
| CVE-2014-8680 | The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remot ... |
| CVE-2014-8500 | ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ... |
| CVE-2014-3859 | libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ... |
| CVE-2014-3214 | The prefetch implementation in named in ISC BIND 9.10.0, when a recurs ... |
| CVE-2014-0591 | The query_findclosestnsec3 function in query.c in named in ISC BIND 9. ... |
| CVE-2013-6230 | The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ... |
| CVE-2013-4854 | The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ... |
| CVE-2013-3919 | resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, a ... |
| CVE-2013-2266 | libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ... |
| CVE-2012-5689 | ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ... |
| CVE-2012-5688 | ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 i ... |
| CVE-2012-5166 | ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9. ... |
| CVE-2012-4244 | ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ... |
| CVE-2012-3868 | Race condition in the ns_client structure management in ISC BIND 9.9.x ... |
| CVE-2012-3817 | ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ... |
| CVE-2012-1667 | ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9. ... |
| CVE-2012-1033 | The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server n ... |
| CVE-2011-4313 | query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ... |
| CVE-2011-2465 | Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ... |
| CVE-2011-2464 | Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ... |
| CVE-2011-1910 | Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ... |
| CVE-2011-1907 | ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ... |
| CVE-2011-0414 | ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ... |
| CVE-2010-3762 | ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ... |
| CVE-2010-3615 | named in ISC BIND 9.7.2-P2 does not check all intended locations for a ... |
| CVE-2010-3614 | named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ... |
| CVE-2010-3613 | named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ... |
| CVE-2010-0382 | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ... |
| CVE-2010-0290 | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ... |
| CVE-2010-0218 | ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ... |
| CVE-2010-0213 | BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ... |
| CVE-2010-0097 | ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ... |
| CVE-2009-4022 | Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ... |
| CVE-2009-0696 | The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ... |
| CVE-2009-0265 | Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not prop ... |
| CVE-2009-0025 | BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ... |
| CVE-2008-4163 | Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ... |
| CVE-2008-1447 | The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ... |
| CVE-2008-0122 | Off-by-one error in the inet_network function in libbind in ISC BIND 9 ... |
| CVE-2007-6283 | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ... |
| CVE-2007-2926 | ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ... |
| CVE-2007-2925 | The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ... |
| CVE-2007-2241 | Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ... |
| CVE-2007-0494 | ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ... |
| CVE-2007-0493 | Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ... |
| CVE-2006-4096 | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ... |
| CVE-2006-4095 | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ... |
| CVE-2006-2073 | Unspecified vulnerability in ISC BIND allows remote attackers to cause ... |
| CVE-2006-0987 | The default configuration of ISC BIND before 9.4.1-P1, when configured ... |
| CVE-2005-0364 | Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ... |
| CVE-2005-0034 | An "incorrect assumption" in the authvalidated validator function in B ... |
| CVE-2002-2211 | BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ... |
| CVE-2002-1221 | BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ... |
| CVE-2002-1220 | BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ... |
| CVE-2002-1219 | Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ... |
| CVE-2002-0029 | Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ... |