cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12705,https://securityvulnerability.io/vulnerability/CVE-2024-12705,Denial of Service Vulnerability in BIND 9 by ISC,"A vulnerability exists in BIND 9 that allows clients utilizing DNS-over-HTTPS (DoH) to overload a DNS resolver's CPU and memory. Attackers can exploit this by sending a flood of crafted HTTP/2 traffic, whether valid or invalid, which can result in a significant degradation of service performance. This issue affects multiple versions of BIND 9, necessitating prompt attention from users to mitigate potential risks.",Isc,Bind 9,7.5,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-29T21:40:27.839Z,false,false,false,,2025-01-29T21:40:27.839Z,130
CVE-2024-11187,https://securityvulnerability.io/vulnerability/CVE-2024-11187,Resource Exhaustion Vulnerability in BIND 9 by ISC,"A resource exhaustion vulnerability exists in BIND 9 that can be exploited through specially crafted DNS zones. Attackers can generate numerous query responses that overwhelm both authoritative servers and resolvers, leading to high resource consumption. This can disrupt DNS services and degrade server performance. System administrators are advised to review their DNS configurations and apply necessary mitigations to safeguard their systems from potential exploitation caused by this vulnerability.",Isc,Bind 9,7.5,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-29T21:40:11.942Z,false,false,false,,2025-01-29T21:40:11.942Z,451
CVE-2024-4076,https://securityvulnerability.io/vulnerability/CVE-2024-4076,Stale Data and Assertion Failures in BIND 9 Versions,"This vulnerability in BIND 9 arises from a failure in handling client queries that can trigger the serving of stale data. In scenarios where local authoritative zone data is required for lookups, the issue may lead to an assertion failure. This poses a significant concern for users relying on BIND 9 for DNS services. Versions of BIND 9 affected include a range from 9.11.x to 9.19.x, necessitating immediate attention to prevent potential disruptions in service.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:19:10.000Z,,false,false,,2024-07-23T14:40:57.256Z,0
CVE-2024-1975,https://securityvulnerability.io/vulnerability/CVE-2024-1975,Excessive CPU Usage for DNSSEC-Validated 'KEY' Resource Records in BIND 9,"A resource exhaustion vulnerability exists in BIND 9 software that can be exploited when a server hosts a zone containing a 'KEY' Resource Record, or when a resolver DNSSEC-validates a 'KEY' Resource Record from a DNSSEC-signed domain cached. Attackers can overwhelm resolver CPU resources with a continuous stream of SIG(0) signed requests, potentially leading to a denial of service condition. This affects multiple versions of BIND 9, including those from the 9.0.0 series to the latest releases.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:17:40.000Z,,false,false,,2024-07-23T14:38:57.143Z,0
CVE-2024-1737,https://securityvulnerability.io/vulnerability/CVE-2024-1737,Degraded Performance in BIND Due to Large DNS Caches,"This vulnerability affects the BIND DNS server, specifically targeting its resolver caches and authoritative zone databases. When these components hold a substantial number of Resource Records (RRs) for a single hostname, they may experience degraded performance. This can occur both during updates or additions of content and when handling client queries. The affected versions of BIND are known to struggle with such scenarios, potentially affecting the overall efficiency of DNS resolution and impacting service availability.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:17:39.000Z,,false,false,,2024-07-23T14:34:09.750Z,0
CVE-2024-0760,https://securityvulnerability.io/vulnerability/CVE-2024-0760,DNS Server Unstable During Malicious DNS Message Flood,"The vulnerability CVE-2024-0760 affects the DNS server and can cause it to become unstable during a flood of malicious DNS messages over TCP. It impacts BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. This vulnerability could lead to a denial of service and has been exploited in the wild. Ubuntu has released updated packages to fix the issue, and it is recommended for affected systems to update promptly.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:17:33.000Z,,false,false,,2024-07-23T14:26:54.983Z,0
CVE-2023-6516,https://securityvulnerability.io/vulnerability/CVE-2023-6516,Named Resolver May Experience Infinite Loop of Cache Maintenance,"The issue arises in BIND 9's cache database management, where asynchronous cleanup processes may become overwhelmed by ongoing repetitive query patterns. This can result in an exponential growth of queued cleanup events, eventually exceeding the predefined maximum cache size limit. This vulnerability impacts the ability of the resolver to efficiently manage memory and maintain optimal performance over time, leading to potential service disruptions in environments relying on BIND 9 for DNS resolution.",Isc,Bind 9,7.5,HIGH,0.0006399999838322401,false,,false,false,true,2024-06-28T17:15:04.000Z,,false,false,,2024-02-13T14:05:28.933Z,0
CVE-2023-5680,https://securityvulnerability.io/vulnerability/CVE-2023-5680,Large ECS Record Cache Impairs Query Performance,"If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.",Isc,Bind 9,5.3,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-13T18:17:17.000Z,,false,false,,2024-02-13T14:05:19.783Z,0
CVE-2023-5679,https://securityvulnerability.io/vulnerability/CVE-2023-5679,BIND named Crashes with DNS64 and Serve-Stale Interaction,"The vulnerability arises from a problematic interaction between the DNS64 and serve-stale features in BIND 9. When both features are enabled during recursive DNS resolution, the `named` process may experience a crash due to an assertion failure. This could potentially lead to disrupted DNS service for affected users. The issue affects several versions of BIND 9 from 9.16.12 to 9.16.45, as well as a range of subversions specific to different configurations. Users are encouraged to review their BIND versions and apply necessary mitigations or updates.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:17:17.000Z,,false,false,,2024-02-13T14:05:06.688Z,0
CVE-2023-5517,https://securityvulnerability.io/vulnerability/CVE-2023-5517,Premature Exit and Assertion Failure in BIND 9 Due to Query-Handling Code Flaw,"A vulnerability exists in the query-handling code of BIND 9 DNS servers, leading to a potential premature exit due to an assertion failure. This occurs when the server is configured with `nxdomain-redirect ;`, in conjunction with receiving a PTR query for an RFC 1918 address, typically resulting in an authoritative NXDOMAIN response. The flaw affects several versions of BIND 9, indicating a risk that could impact DNS resolution across various network environments, necessitating timely updates and mitigations by system administrators.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2024-08-22T14:15:05.000Z,,false,false,,2024-02-13T14:04:54.389Z,0
CVE-2023-4408,https://securityvulnerability.io/vulnerability/CVE-2023-4408,High CPU Load in DNS Message Parsing Code Affects BIND 9 Versions,"The DNS message parsing code in the BIND 9 implementation has a section with overly high computational complexity, which is not problematic under standard DNS traffic but can result in excessive CPU load. This vulnerability can be exploited through specially crafted DNS queries and responses, affecting both authoritative servers and recursive resolvers. Users of BIND 9 who run versions from 9.0.0 to 9.16.45, 9.18.0 to 9.18.21, 9.19.0 to 9.19.19, and various S1 versions, should take precautions to mitigate potential impact.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:16:41.000Z,,false,false,,2024-02-13T14:04:17.519Z,0
CVE-2023-3341,https://securityvulnerability.io/vulnerability/CVE-2023-3341,A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly,"A vulnerability in BIND 9 allows attackers to exploit the recursive nature of packet parsing during control channel message processing. This vulnerability can lead to unexpected termination of the `named` service due to insufficient stack memory. An attacker does not need to possess a valid RNDC key but only requires network access to the control channel's configured TCP port, making it critical for administrators to apply immediate patches to affected versions.",Isc,Bind 9,7.5,HIGH,0.0005200000014156103,false,,false,false,true,2025-02-13T17:16:40.000Z,,false,false,,2023-09-20T13:15:00.000Z,0
CVE-2023-4236,https://securityvulnerability.io/vulnerability/CVE-2023-4236,named may terminate unexpectedly under high DNS-over-TLS query load,"A networking flaw in BIND 9's handling of DNS-over-TLS queries may result in unexpected terminations of the 'named' service. This occurs due to an assertion failure triggered when internal data structures are reused improperly under significant load from DNS-over-TLS queries. Systems running BIND versions between 9.18.0 and 9.18.18, and 9.18.11-S1 to 9.18.18-S1 are affected, potentially leading to service disruptions.",Isc,Bind 9,7.5,HIGH,0.0004799999878741801,false,,false,false,true,2025-02-13T18:16:27.000Z,,false,false,,2023-09-20T13:15:00.000Z,0
CVE-2023-2911,https://securityvulnerability.io/vulnerability/CVE-2023-2911,Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0,"A critical issue has been identified in BIND 9 resolvers, where if the 'recursive-clients' quota is met alongside configurations that enable stale answers, a series of related queries can lead to an unexpected loop and crash of the 'named' service due to stack overflow. This affects multiple versions of BIND 9, necessitating immediate attention from system administrators to mitigate potential disruptions.",Isc,Bind 9,7.5,HIGH,0.0009800000116229057,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2023-2829,https://securityvulnerability.io/vulnerability/CVE-2023-2829,Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled,"A vulnerability exists in the BIND 9 DNSSEC-validating recursive resolver configured with the Aggressive Use of DNSSEC-Validated Cache option. This vulnerability allows an attacker to remotely terminate the service through the exploitation of a zone containing a malformed NSEC record. This poses a risk for DNS resolution integrity and availability, affecting systems that rely on configured BIND 9 instances for DNS queries.",Isc,Bind 9,7.5,HIGH,0.0004400000034365803,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2023-2828,https://securityvulnerability.io/vulnerability/CVE-2023-2828,named's configured cache size limit can be significantly exceeded,"A vulnerability has been identified in BIND 9 recursive resolvers, where the cache-cleaning algorithm can be manipulated through specific query patterns. This manipulation allows the cache size to exceed the configured limits, impacting overall memory management. This flaw affects multiple versions of BIND 9, making it essential for administrators to review their configurations and apply necessary updates to mitigate potential risks.",Isc,Bind 9,7.5,HIGH,0.0005200000014156103,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2022-3736,https://securityvulnerability.io/vulnerability/CVE-2022-3736,named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries,"A flaw in the BIND 9 resolver can lead to a denial of service, causing the resolver to crash. This occurs when stale cache and stale answer handling are enabled, and the option 'stale-answer-client-timeout' is configured with a positive integer. If the resolver encounters an RRSIG query under these conditions, it may fail, interrupting DNS resolution services. This issue impacts multiple BIND 9 versions. Users are advised to review their configurations and consider updates to prevent potential disruptions.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:16:03.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3488,https://securityvulnerability.io/vulnerability/CVE-2022-3488,named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries,"A vulnerability exists in BIND DNS Server that can cause the service to terminate unexpectedly due to improper handling of repeated responses with ECS pseudo-options. Specifically, if the initial response is malformed, the resolver may abort with an assertion failure rather than processing the query correctly. This impacts BIND versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1, potentially leading to significant service disruptions.",Isc,Bind 9,7.5,HIGH,0.0013200000394135714,false,,false,false,true,2024-08-03T02:15:57.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3094,https://securityvulnerability.io/vulnerability/CVE-2022-3094,An UPDATE message flood may cause named to exhaust all available memory,"A vulnerability exists in BIND that allows for memory resource exhaustion through a flood of dynamic DNS updates. When access permissions are checked after memory allocation, trusted clients can potentially overwhelm the system, causing 'named' to exit due to insufficient memory. While memory is released for rejected updates almost instantly, the risk emerges when invalid updates are sent at scale. This issue impacts BIND versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:15:46.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3924,https://securityvulnerability.io/vulnerability/CVE-2022-3924,named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota,"The vulnerability in BIND 9 resolvers occurs due to improper handling of client queries when the 'stale-answer-enable' option is activated along with a positive 'stale-answer-client-timeout' setting. When the resolver experiences a high volume of recursive queries, it may need to terminate the longest waiting client in order to serve a new request. This scenario risks a race condition between sending a stale answer and issuing a 'SERVFAIL' response, potentially leading to an assertion failure that disrupts normal operations. Systems running vulnerable versions of BIND 9 should be assessed and updated to mitigate this risk.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:16:08.000Z,,false,false,,2023-01-25T21:39:49.110Z,0
CVE-2022-0635,https://securityvulnerability.io/vulnerability/CVE-2022-0635,Denial of Service Vulnerability in BIND by ISC,"A denial of service vulnerability exists in BIND 9.18.0 where the named process can crash after receiving a specific sequence of queries. This crash stems from a failed assertion check, leading to potential disruptions in DNS service availability. Users of affected versions should take immediate action to mitigate risks by updating to the latest version to ensure system stability and security.",Isc,Bind,7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-03-23T12:15:00.000Z,0
CVE-2022-0396,https://securityvulnerability.io/vulnerability/CVE-2022-0396,DoS from specifically crafted TCP packets,"BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.",Isc,Bind,5.3,MEDIUM,0.002420000033453107,false,,false,false,false,,,false,false,,2022-03-23T11:15:00.000Z,0
CVE-2021-25220,https://securityvulnerability.io/vulnerability/CVE-2021-25220,DNS forwarders - cache poisoning vulnerability,"BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.",Isc,Bind,6.8,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2022-03-23T00:00:00.000Z,0
CVE-2022-0667,https://securityvulnerability.io/vulnerability/CVE-2022-0667,Assertion failure on delayed DS lookup,When the vulnerability is triggered the BIND process will exit. BIND 9.18.0,Isc,Bind,7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2022-03-22T12:15:00.000Z,0
CVE-2013-5661,https://securityvulnerability.io/vulnerability/CVE-2013-5661,DNS Response Rate Limiting Vulnerability in Multiple Linux Distributions,"A cache poisoning vulnerability has been identified in the DNS response rate limiting mechanism present in several Linux distributions. This flaw can potentially allow attackers to exploit DNS infrastructure, leading to manipulation of DNS responses. If successfully exploited, an attacker could redirect legitimate traffic to malicious sites, posing a significant risk to system integrity and user privacy. It is crucial for administrators to apply patches and review their DNS configurations to mitigate possible threats stemming from this vulnerability.",Isc,Bind,5.9,MEDIUM,0.001129999989643693,false,,false,false,false,,,false,false,,2019-11-05T18:14:31.000Z,0