Search CVE reports
1 – 10 of 156 results
Some fixes available 4 of 14
Resource exhaustion via malformed DNSKEY handling
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 4 of 14
Cache poisoning due to weak PRNG
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 4 of 14
Cache poisoning attacks with unsolicited RRs
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |
A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1,...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | — |
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | — |
When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | — |
Some fixes available 6 of 13
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4,...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Not affected |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 6 of 14
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Ignored |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 5 of 6
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27,...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | — |
Some fixes available 8 of 16
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0)...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | — |