bind (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package bind, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (27)
CVE-2025-40780 — CVSS 8.6 (high): In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to…
CVE-2025-40778 — CVSS 8.6 (high): Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the…
CVE-2022-3094 — CVSS 7.5 (high): Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due…
CVE-2022-3736 — CVSS 7.5 (high): BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive…
CVE-2022-38177 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-38178 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-3924 — CVSS 7.5 (high): This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`…
CVE-2023-2828 — CVSS 7.5 (high): Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has…
CVE-2023-3341 — CVSS 7.5 (high): The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth…
CVE-2023-4408 — CVSS 7.5 (high): The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for…
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2023-50868 — CVSS 7.5 (high): The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a…
CVE-2023-5517 — CVSS 7.5 (high): A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is…
CVE-2023-5679 — CVSS 7.5 (high): A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both…
CVE-2023-6516 — CVSS 7.5 (high): To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses…
CVE-2024-11187 — CVSS 7.5 (high): It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional…
CVE-2024-1737 — CVSS 7.5 (high): Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from…
CVE-2024-1975 — CVSS 7.5 (high): If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed…
CVE-2024-4076 — CVSS 7.5 (high): Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion…
CVE-2026-5946 — CVSS 7.5 (high): Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example…
CVE-2025-8677 — CVSS 7.5 (high): Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue…
CVE-2026-1519 — CVSS 7.5 (high): If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU…
CVE-2026-3039 — CVSS 7.5 (high): BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when…
CVE-2022-2795 — CVSS 5.3 (medium): By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance…
CVE-2022-0396 — CVSS 5.3 (medium): BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted…