cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-38177,https://securityvulnerability.io/vulnerability/CVE-2022-38177,Memory leak in ECDSA DNSSEC verification code,"By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",Isc,Bind9,7.5,HIGH,0.003719999920576811,false,,false,false,true,2024-08-03T11:22:02.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-2881,https://securityvulnerability.io/vulnerability/CVE-2022-2881,Buffer overread in statistics channel code,"The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.",Isc,Bind9,5.5,MEDIUM,0.0012499999720603228,false,,false,false,true,2024-08-03T02:15:40.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-3080,https://securityvulnerability.io/vulnerability/CVE-2022-3080,BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly,"By sending specific queries to the resolver, an attacker can cause named to crash.",Isc,Bind9,7.5,HIGH,0.0034799999557435513,false,,false,false,true,2024-06-21T20:15:06.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-38178,https://securityvulnerability.io/vulnerability/CVE-2022-38178,Memory leaks in EdDSA DNSSEC verification code,"By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",Isc,Bind9,7.5,HIGH,0.007720000110566616,false,,false,false,true,2024-08-03T11:22:02.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-2906,https://securityvulnerability.io/vulnerability/CVE-2022-2906,Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only),"An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.",Isc,Bind9,7.5,HIGH,0.0012499999720603228,false,,false,false,true,2024-08-03T02:15:41.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-2795,https://securityvulnerability.io/vulnerability/CVE-2022-2795,Processing large delegations may severely degrade resolver performance,"By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.",Isc,Bind9,5.3,MEDIUM,0.0035200000274926424,false,,false,false,true,2024-06-20T20:15:04.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-1183,https://securityvulnerability.io/vulnerability/CVE-2022-1183,Destroying a TLS session early causes assertion failure,"On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.",Isc,Bind9,7.5,HIGH,0.001019999966956675,false,,false,false,true,2024-09-17T04:18:51.000Z,,false,false,,2022-05-19T10:15:00.000Z,0
CVE-2021-25219,https://securityvulnerability.io/vulnerability/CVE-2021-25219,Lame cache can be abused to severely degrade resolver performance,"In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.",Isc,Bind9,5.3,MEDIUM,0.006039999891072512,false,,false,false,true,2024-08-03T20:18:30.000Z,,false,false,,2021-10-27T00:00:00.000Z,0
CVE-2021-25218,https://securityvulnerability.io/vulnerability/CVE-2021-25218,A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use,"In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query under the circumstances described above, the named process will terminate due to a failed assertion check. The vulnerability affects only BIND 9 releases 9.16.19, 9.17.16, and release 9.16.19-S1 of the BIND Supported Preview Edition.",Isc,Bind9,7.5,HIGH,0.002369999885559082,false,,false,false,true,2024-08-03T20:18:29.000Z,,false,false,,2021-08-18T00:00:00.000Z,0
CVE-2021-25216,https://securityvulnerability.io/vulnerability/CVE-2021-25216,A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack,"In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. For servers that meet these conditions, the ISC SPNEGO implementation is vulnerable to various attacks, depending on the CPU architecture for which BIND was built: For named binaries compiled for 64-bit platforms, this flaw can be used to trigger a buffer over-read, leading to a server crash. For named binaries compiled for 32-bit platforms, this flaw can be used to trigger a server crash due to a buffer overflow and possibly also to achieve remote code execution. We have determined that standard SPNEGO implementations are available in the MIT and Heimdal Kerberos libraries, which support a broad range of operating systems, rendering the ISC implementation unnecessary and obsolete. Therefore, to reduce the attack surface for BIND users, we will be removing the ISC SPNEGO implementation in the April releases of BIND 9.11 and 9.16 (it had already been dropped from BIND 9.17). We would not normally remove something from a stable ESV (Extended Support Version) of BIND, but since system libraries can replace the ISC SPNEGO implementation, we have made an exception in this case for reasons of stability and security.",Isc,Bind9,8.1,HIGH,0.24893000721931458,false,,false,false,true,2024-08-03T20:18:29.000Z,,false,false,,2021-04-29T01:15:00.000Z,0
CVE-2021-25214,https://securityvulnerability.io/vulnerability/CVE-2021-25214,A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly,"In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed.",Isc,Bind9,6.5,MEDIUM,0.005590000189840794,false,,false,false,true,2024-08-03T20:18:29.000Z,,false,false,,2021-04-29T01:15:00.000Z,0
CVE-2021-25215,https://securityvulnerability.io/vulnerability/CVE-2021-25215,An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself,"In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.",Isc,Bind9,7.5,HIGH,0.020749999210238457,false,,false,false,true,2024-08-03T20:18:29.000Z,,false,false,,2021-04-29T01:15:00.000Z,0
CVE-2020-8625,https://securityvulnerability.io/vulnerability/CVE-2020-8625,A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack,"BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch",Isc,Bind9,8.1,HIGH,0.6753799915313721,false,,false,false,false,,,false,false,,2021-02-17T00:00:00.000Z,0
CVE-2020-8621,https://securityvulnerability.io/vulnerability/CVE-2020-8621,Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c,"In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.",Isc,Bind9,7.5,HIGH,0.020829999819397926,false,,false,false,true,2024-08-04T11:18:29.000Z,,false,false,,2020-08-21T21:15:00.000Z,0
CVE-2020-8622,https://securityvulnerability.io/vulnerability/CVE-2020-8622,A truncated TSIG response can lead to an assertion failure,"In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.",Isc,Bind9,6.5,MEDIUM,0.004009999800473452,false,,false,false,true,2024-08-04T11:18:29.000Z,,false,false,,2020-08-21T21:15:00.000Z,0
CVE-2020-8620,https://securityvulnerability.io/vulnerability/CVE-2020-8620,Assertion Failure in BIND Server Leading to Unexpected Exits,"The vulnerability allows an authenticated attacker to exploit a flaw in BIND versions 9.15.6 through 9.16.5 and 9.17.0 through 9.17.3. By establishing a TCP connection and sending specially crafted data, the attacker can trigger an assertion failure in the server, resulting in the process terminating unexpectedly. This could lead to service disruption and potential denial of service, emphasizing the importance of timely updates and security patches.",Isc,Bind9,7.5,HIGH,0.03482000157237053,false,,false,false,true,2024-08-04T11:18:28.000Z,,false,false,,2020-08-21T21:15:00.000Z,0
CVE-2020-8623,https://securityvulnerability.io/vulnerability/CVE-2020-8623,A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c,"In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with ""--enable-native-pkcs11"" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker",Isc,Bind9,7.5,HIGH,0.011169999837875366,false,,false,false,true,2024-08-04T11:18:29.000Z,,false,false,,2020-08-21T21:15:00.000Z,0
CVE-2020-8624,https://securityvulnerability.io/vulnerability/CVE-2020-8624,"update-policy rules of type ""subdomain"" are enforced incorrectly","In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.",Isc,Bind9,4.3,MEDIUM,0.002319999970495701,false,,false,false,true,2024-08-04T11:18:29.000Z,,false,false,,2020-08-21T21:15:00.000Z,0
CVE-2020-8619,https://securityvulnerability.io/vulnerability/CVE-2020-8619,A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer,"In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk (""*"") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.",Isc,Bind9,4.9,MEDIUM,0.005789999850094318,false,,false,false,false,,,false,false,,2020-06-17T22:15:00.000Z,0
CVE-2020-8618,https://securityvulnerability.io/vulnerability/CVE-2020-8618,A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer,"An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.",Isc,Bind9,4.9,MEDIUM,0.001610000035725534,false,,false,false,false,,,false,false,,2020-06-17T22:15:00.000Z,0
CVE-2020-8616,https://securityvulnerability.io/vulnerability/CVE-2020-8616,BIND does not sufficiently limit the number of fetches performed when processing referrals,"A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor.",Isc,Bind9,8.6,HIGH,0.005280000157654285,false,,false,false,false,,,false,false,,2020-05-19T00:00:00.000Z,0
CVE-2020-8617,https://securityvulnerability.io/vulnerability/CVE-2020-8617,A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c,"Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.",Isc,Bind9,7.5,HIGH,0.9724199771881104,false,,false,false,true,2020-05-22T05:40:55.000Z,true,false,false,,2020-05-19T00:00:00.000Z,0
CVE-2019-6477,https://securityvulnerability.io/vulnerability/CVE-2019-6477,TCP-pipelined queries can bypass tcp-clients limit,"With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been provisioned to handle. When a TCP connection with a large number of pipelined queries is closed, the load on the server releasing these multiple resources can cause it to become unresponsive, even for queries that can be answered authoritatively or from cache. (This is most likely to be perceived as an intermittent server problem).",Isc,Bind9,7.5,HIGH,0.01964999921619892,false,,false,false,false,,,false,false,,2019-11-20T00:00:00.000Z,0