cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12705,https://securityvulnerability.io/vulnerability/CVE-2024-12705,Denial of Service Vulnerability in BIND 9 by ISC,"A vulnerability exists in BIND 9 that allows clients utilizing DNS-over-HTTPS (DoH) to overload a DNS resolver's CPU and memory. Attackers can exploit this by sending a flood of crafted HTTP/2 traffic, whether valid or invalid, which can result in a significant degradation of service performance. This issue affects multiple versions of BIND 9, necessitating prompt attention from users to mitigate potential risks.",Isc,Bind 9,7.5,HIGH,0.0004299999854993075,false,,false,false,true,2025-01-29T21:40:27.839Z,false,false,false,,2025-01-29T21:40:27.839Z,130
CVE-2024-11187,https://securityvulnerability.io/vulnerability/CVE-2024-11187,Resource Exhaustion Vulnerability in BIND 9 by ISC,"A resource exhaustion vulnerability exists in BIND 9 that can be exploited through specially crafted DNS zones. Attackers can generate numerous query responses that overwhelm both authoritative servers and resolvers, leading to high resource consumption. This can disrupt DNS services and degrade server performance. System administrators are advised to review their DNS configurations and apply necessary mitigations to safeguard their systems from potential exploitation caused by this vulnerability.",Isc,Bind 9,7.5,HIGH,0.0004299999854993075,false,,true,false,true,2025-01-29T21:40:11.942Z,false,false,false,,2025-01-29T21:40:11.942Z,451
CVE-2024-4076,https://securityvulnerability.io/vulnerability/CVE-2024-4076,Stale Data and Assertion Failures in BIND 9 Versions,"This vulnerability in BIND 9 arises from a failure in handling client queries that can trigger the serving of stale data. 
In scenarios where local authoritative zone data is required for lookups, the issue may lead to an assertion failure. This poses a significant concern for users relying on BIND 9 for DNS services. Versions of BIND 9 affected include a range from 9.11.x to 9.19.x, necessitating immediate attention to prevent potential disruptions in service.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:19:10.000Z,,false,false,,2024-07-23T14:40:57.256Z,0
CVE-2024-1975,https://securityvulnerability.io/vulnerability/CVE-2024-1975,Excessive CPU Usage for DNSSEC-Validated 'KEY' Resource Records in BIND 9,"A resource exhaustion vulnerability exists in BIND 9 software that can be exploited when a server hosts a zone containing a 'KEY' Resource Record, or when a resolver DNSSEC-validates a 'KEY' Resource Record from a DNSSEC-signed domain cached. Attackers can overwhelm resolver CPU resources with a continuous stream of SIG(0) signed requests, potentially leading to a denial of service condition. This affects multiple versions of BIND 9, including those from the 9.0.0 series to the latest releases.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:17:40.000Z,,false,false,,2024-07-23T14:38:57.143Z,0
CVE-2024-1737,https://securityvulnerability.io/vulnerability/CVE-2024-1737,Degraded Performance in BIND Due to Large DNS Caches,"This vulnerability affects the BIND DNS server, specifically targeting its resolver caches and authoritative zone databases. When these components hold a substantial number of Resource Records (RRs) for a single hostname, they may experience degraded performance. This can occur both during updates or additions of content and when handling client queries. 
The affected versions of BIND are known to struggle with such scenarios, potentially affecting the overall efficiency of DNS resolution and impacting service availability.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:17:39.000Z,,false,false,,2024-07-23T14:34:09.750Z,0
CVE-2024-0760,https://securityvulnerability.io/vulnerability/CVE-2024-0760,DNS Server Unstable During Malicious DNS Message Flood,"The vulnerability CVE-2024-0760 affects the DNS server and can cause it to become unstable during a flood of malicious DNS messages over TCP. It impacts BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. This vulnerability could lead to a denial of service and has been exploited in the wild. Ubuntu has released updated packages to fix the issue, and it is recommended for affected systems to update promptly.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2025-02-13T18:17:33.000Z,,false,false,,2024-07-23T14:26:54.983Z,0
CVE-2024-28872,https://securityvulnerability.io/vulnerability/CVE-2024-28872,"Stork TLS Certificate Validation Code Flawed, Leading to Potential Data Loss and Denial of Service","The Stork management tool by ISC has a vulnerability in its TLS certificate validation process, which could be exploited by attackers. By obtaining a TLS certificate from the Stork server, an attacker can establish a connection with the Stork agent. This allows the attacker to send malicious commands to services monitored by Stork, such as Kea or BIND 9. The potential repercussions include unauthorized access to sensitive data and service disruption. 
It's crucial to note that the issue lies specifically with the Stork tool and does not directly affect Kea or BIND 9.",Isc,Stork,8.1,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2024-07-11T14:49:12.156Z,0
CVE-2023-6516,https://securityvulnerability.io/vulnerability/CVE-2023-6516,Named Resolver May Experience Infinite Loop of Cache Maintenance,"The issue arises in BIND 9's cache database management, where asynchronous cleanup processes may become overwhelmed by ongoing repetitive query patterns. This can result in an exponential growth of queued cleanup events, eventually exceeding the predefined maximum cache size limit. This vulnerability impacts the ability of the resolver to efficiently manage memory and maintain optimal performance over time, leading to potential service disruptions in environments relying on BIND 9 for DNS resolution.",Isc,Bind 9,7.5,HIGH,0.0006399999838322401,false,,false,false,true,2024-06-28T17:15:04.000Z,,false,false,,2024-02-13T14:05:28.933Z,0
CVE-2023-5679,https://securityvulnerability.io/vulnerability/CVE-2023-5679,BIND named Crashes with DNS64 and Serve-Stale Interaction,"The vulnerability arises from a problematic interaction between the DNS64 and serve-stale features in BIND 9. When both features are enabled during recursive DNS resolution, the `named` process may experience a crash due to an assertion failure. This could potentially lead to disrupted DNS service for affected users. The issue affects several versions of BIND 9 from 9.16.12 to 9.16.45, as well as a range of subversions specific to different configurations. 
Users are encouraged to review their BIND versions and apply necessary mitigations or updates.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:17:17.000Z,,false,false,,2024-02-13T14:05:06.688Z,0
CVE-2023-5517,https://securityvulnerability.io/vulnerability/CVE-2023-5517,Premature Exit and Assertion Failure in BIND 9 Due to Query-Handling Code Flaw,"A vulnerability exists in the query-handling code of BIND 9 DNS servers, leading to a potential premature exit due to an assertion failure. This occurs when the server is configured with `nxdomain-redirect ;`, in conjunction with receiving a PTR query for an RFC 1918 address, typically resulting in an authoritative NXDOMAIN response. The flaw affects several versions of BIND 9, indicating a risk that could impact DNS resolution across various network environments, necessitating timely updates and mitigations by system administrators.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2024-08-22T14:15:05.000Z,,false,false,,2024-02-13T14:04:54.389Z,0
CVE-2023-4408,https://securityvulnerability.io/vulnerability/CVE-2023-4408,High CPU Load in DNS Message Parsing Code Affects BIND 9 Versions,"The DNS message parsing code in the BIND 9 implementation has a section with overly high computational complexity, which is not problematic under standard DNS traffic but can result in excessive CPU load. This vulnerability can be exploited through specially crafted DNS queries and responses, affecting both authoritative servers and recursive resolvers. 
Users of BIND 9 who run versions from 9.0.0 to 9.16.45, 9.18.0 to 9.18.21, 9.19.0 to 9.19.19, and various S1 versions, should take precautions to mitigate potential impact.",Isc,Bind 9,7.5,HIGH,0.00044999999227002263,false,,false,false,true,2025-02-13T18:16:41.000Z,,false,false,,2024-02-13T14:04:17.519Z,0
CVE-2023-3341,https://securityvulnerability.io/vulnerability/CVE-2023-3341,A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly,"A vulnerability in BIND 9 allows attackers to exploit the recursive nature of packet parsing during control channel message processing. This vulnerability can lead to unexpected termination of the `named` service due to insufficient stack memory. An attacker does not need to possess a valid RNDC key but only requires network access to the control channel's configured TCP port, making it critical for administrators to apply immediate patches to affected versions.",Isc,Bind 9,7.5,HIGH,0.0005200000014156103,false,,false,false,true,2025-02-13T17:16:40.000Z,,false,false,,2023-09-20T13:15:00.000Z,0
CVE-2023-4236,https://securityvulnerability.io/vulnerability/CVE-2023-4236,named may terminate unexpectedly under high DNS-over-TLS query load,"A networking flaw in BIND 9's handling of DNS-over-TLS queries may result in unexpected terminations of the 'named' service. This occurs due to an assertion failure triggered when internal data structures are reused improperly under significant load from DNS-over-TLS queries. 
Systems running BIND versions between 9.18.0 and 9.18.18, and 9.18.11-S1 to 9.18.18-S1 are affected, potentially leading to service disruptions.",Isc,Bind 9,7.5,HIGH,0.0004799999878741801,false,,false,false,true,2025-02-13T18:16:27.000Z,,false,false,,2023-09-20T13:15:00.000Z,0
CVE-2023-2828,https://securityvulnerability.io/vulnerability/CVE-2023-2828,named's configured cache size limit can be significantly exceeded,"A vulnerability has been identified in BIND 9 recursive resolvers, where the cache-cleaning algorithm can be manipulated through specific query patterns. This manipulation allows the cache size to exceed the configured limits, impacting overall memory management. This flaw affects multiple versions of BIND 9, making it essential for administrators to review their configurations and apply necessary updates to mitigate potential risks.",Isc,Bind 9,7.5,HIGH,0.0005200000014156103,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2023-2911,https://securityvulnerability.io/vulnerability/CVE-2023-2911,Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0,"A critical issue has been identified in BIND 9 resolvers, where if the 'recursive-clients' quota is met alongside configurations that enable stale answers, a series of related queries can lead to an unexpected loop and crash of the 'named' service due to stack overflow. 
This affects multiple versions of BIND 9, necessitating immediate attention from system administrators to mitigate potential disruptions.",Isc,Bind 9,7.5,HIGH,0.0009800000116229057,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2023-2829,https://securityvulnerability.io/vulnerability/CVE-2023-2829,Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled,"A vulnerability exists in the BIND 9 DNSSEC-validating recursive resolver configured with the Aggressive Use of DNSSEC-Validated Cache option. This vulnerability allows an attacker to remotely terminate the service through the exploitation of a zone containing a malformed NSEC record. This poses a risk for DNS resolution integrity and availability, affecting systems that rely on configured BIND 9 instances for DNS queries.",Isc,Bind 9,7.5,HIGH,0.0004400000034365803,false,,false,false,true,2024-12-06T19:15:03.000Z,,false,false,,2023-06-21T17:15:00.000Z,0
CVE-2022-3094,https://securityvulnerability.io/vulnerability/CVE-2022-3094,An UPDATE message flood may cause named to exhaust all available memory,"A vulnerability exists in BIND that allows for memory resource exhaustion through a flood of dynamic DNS updates. When access permissions are checked after memory allocation, trusted clients can potentially overwhelm the system, causing 'named' to exit due to insufficient memory. While memory is released for rejected updates almost instantly, the risk emerges when invalid updates are sent at scale. 
This issue impacts BIND versions 9.16.0 to 9.16.36, 9.18.0 to 9.18.10, 9.19.0 to 9.19.8, and 9.16.8-S1 to 9.16.36-S1.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:15:46.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3736,https://securityvulnerability.io/vulnerability/CVE-2022-3736,named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries,"A flaw in the BIND 9 resolver can lead to a denial of service, causing the resolver to crash. This occurs when stale cache and stale answer handling are enabled, and the option 'stale-answer-client-timeout' is configured with a positive integer. If the resolver encounters an RRSIG query under these conditions, it may fail, interrupting DNS resolution services. This issue impacts multiple BIND 9 versions. Users are advised to review their configurations and consider updates to prevent potential disruptions.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:16:03.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3488,https://securityvulnerability.io/vulnerability/CVE-2022-3488,named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries,"A vulnerability exists in BIND DNS Server that can cause the service to terminate unexpectedly due to improper handling of repeated responses with ECS pseudo-options. Specifically, if the initial response is malformed, the resolver may abort with an assertion failure rather than processing the query correctly. 
This impacts BIND versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1, potentially leading to significant service disruptions.",Isc,Bind 9,7.5,HIGH,0.0013200000394135714,false,,false,false,true,2024-08-03T02:15:57.000Z,,false,false,,2023-01-26T21:15:00.000Z,0
CVE-2022-3924,https://securityvulnerability.io/vulnerability/CVE-2022-3924,named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota,"The vulnerability in BIND 9 resolvers occurs due to improper handling of client queries when the 'stale-answer-enable' option is activated along with a positive 'stale-answer-client-timeout' setting. When the resolver experiences a high volume of recursive queries, it may need to terminate the longest waiting client in order to serve a new request. This scenario risks a race condition between sending a stale answer and issuing a 'SERVFAIL' response, potentially leading to an assertion failure that disrupts normal operations. Systems running vulnerable versions of BIND 9 should be assessed and updated to mitigate this risk.",Isc,Bind 9,7.5,HIGH,0.0009299999801442027,false,,false,false,true,2024-08-03T02:16:08.000Z,,false,false,,2023-01-25T21:39:49.110Z,0
CVE-2022-38178,https://securityvulnerability.io/vulnerability/CVE-2022-38178,Memory leaks in EdDSA DNSSEC verification code,"By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. 
It is possible to gradually erode available memory to the point where named crashes for lack of resources.",Isc,Bind9,7.5,HIGH,0.007720000110566616,false,,false,false,true,2024-08-03T11:22:02.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-2906,https://securityvulnerability.io/vulnerability/CVE-2022-2906,Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only),"An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.",Isc,Bind9,7.5,HIGH,0.0012499999720603228,false,,false,false,true,2024-08-03T02:15:41.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-38177,https://securityvulnerability.io/vulnerability/CVE-2022-38177,Memory leak in ECDSA DNSSEC verification code,"By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.",Isc,Bind9,7.5,HIGH,0.003719999920576811,false,,false,false,true,2024-08-03T11:22:02.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-3080,https://securityvulnerability.io/vulnerability/CVE-2022-3080,BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly,"By sending specific queries to the resolver, an attacker can cause named to crash.",Isc,Bind9,7.5,HIGH,0.0034799999557435513,false,,false,false,true,2024-06-21T20:15:06.000Z,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-1183,https://securityvulnerability.io/vulnerability/CVE-2022-1183,Destroying a TLS session early causes assertion failure,"On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. 
Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.",Isc,Bind9,7.5,HIGH,0.001019999966956675,false,,false,false,true,2024-09-17T04:18:51.000Z,,false,false,,2022-05-19T10:15:00.000Z,0