CVE-2000-1029 — CVSS 10.0 (critical): Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.
CVE-2001-0010 — CVSS 10.0 (critical): Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
CVE-2008-0122 — CVSS 10.0 (critical): Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through…
CVE-2001-0013 — CVSS 10.0 (critical): Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVE-2020-8616 — CVSS 8.6 (high): A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals…
CVE-2016-1286 — CVSS 8.6 (high): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure…
CVE-2012-1667 — CVSS 8.5 (high): ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly…
CVE-2020-8625 — CVSS 8.1 (high): BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which…
CVE-2021-25216 — CVSS 8.1 (high): In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported…
CVE-2012-4244 — CVSS 7.8 (high): ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote…
CVE-2008-4163 — CVSS 7.8 (high): Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of…
CVE-2007-0493 — CVSS 7.8 (high): Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum…
CVE-2015-5722 — CVSS 7.8 (high): buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service…
CVE-2015-5477 — CVSS 7.8 (high): named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion…
CVE-2015-4620 — CVSS 7.8 (high): name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with…
CVE-2014-8500 — CVSS 7.8 (high): ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote…
CVE-2013-4854 — CVSS 7.8 (high): The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco…
CVE-2013-3919 — CVSS 7.8 (high): resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is…
CVE-2001-0497 — CVSS 7.8 (high): dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key…
CVE-2013-2266 — CVSS 7.8 (high): libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms…
CVE-2012-3817 — CVSS 7.8 (high): ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2…
CVE-2012-5688 — CVSS 7.8 (high): ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service…
CVE-2012-5166 — CVSS 7.8 (high): ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote…
CVE-2010-0382 — CVSS 7.6 (high): ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data…
CVE-2002-1219 — CVSS 7.5 (high): Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute…
CVE-2000-0335 — CVSS 7.5 (high): The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
CVE-2002-0029 — CVSS 7.5 (high): Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU…
CVE-2002-0651 — CVSS 7.5 (high): Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to…
CVE-2002-0684 — CVSS 7.5 (high): Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc…
CVE-2006-0527 — CVSS 7.5 (high): BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style…
CVE-2006-4095 — CVSS 7.5 (high): BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which…
CVE-2009-0265 — CVSS 7.5 (high): Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal…
CVE-2016-2776 — CVSS 7.5 (high): buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct…
CVE-2016-2848 — CVSS 7.5 (high): ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and…
CVE-2016-8864 — CVSS 7.5 (high): named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of…
CVE-2016-9131 — CVSS 7.5 (high): named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of…
CVE-2016-9147 — CVSS 7.5 (high): named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and…
CVE-2016-9444 — CVSS 7.5 (high): named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of…
CVE-2016-9778 — CVSS 7.5 (high): An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone…
CVE-2017-3135 — CVSS 7.5 (high): Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state…
CVE-2017-3137 — CVSS 7.5 (high): Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could…
CVE-2017-3143 — CVSS 7.5 (high): An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the…
CVE-2017-3145 — CVSS 7.5 (high): BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error…
CVE-2018-5734 — CVSS 7.5 (high): While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving…
CVE-2018-5740 — CVSS 7.5 (high): "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks…
CVE-2018-5742 — CVSS 7.5 (high): While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects…
CVE-2018-5743 — CVSS 7.5 (high): By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections…
CVE-2018-5744 — CVSS 7.5 (high): A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND…
CVE-2019-6467 — CVSS 7.5 (high): A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by…
CVE-2019-6468 — CVSS 7.5 (high): In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS)…
CVE-2019-6469 — CVSS 7.5 (high): An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a…
CVE-2019-6477 — CVSS 7.5 (high): With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via…
CVE-2020-8617 — CVSS 7.5 (high): Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or…
CVE-2020-8620 — CVSS 7.5 (high): In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection…
CVE-2020-8621 — CVSS 7.5 (high): In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who…
CVE-2020-8623 — CVSS 7.5 (high): In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview…
CVE-2021-25215 — CVSS 7.5 (high): In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview…
CVE-2021-25218 — CVSS 7.5 (high): In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported Preview Edition When a vulnerable version of named receives a query…
CVE-2022-0635 — CVSS 7.5 (high): Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually…
CVE-2022-1183 — CVSS 7.5 (high): On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations…
CVE-2022-2906 — CVSS 7.5 (high): An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart…
CVE-2022-3094 — CVSS 7.5 (high): Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due…
CVE-2022-3488 — CVSS 7.5 (high): Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some…
CVE-2022-3736 — CVSS 7.5 (high): BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive…
CVE-2022-38177 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-38178 — CVSS 7.5 (high): By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is…
CVE-2022-3924 — CVSS 7.5 (high): This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`…
CVE-2023-2828 — CVSS 7.5 (high): Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has…
CVE-2023-2829 — CVSS 7.5 (high): A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198)…
CVE-2023-2911 — CVSS 7.5 (high): If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-ti…
CVE-2023-3341 — CVSS 7.5 (high): The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth…
CVE-2023-4236 — CVSS 7.5 (high): A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This…
CVE-2023-4408 — CVSS 7.5 (high): The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for…
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2023-50868 — CVSS 7.5 (high): The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a…
CVE-2023-5517 — CVSS 7.5 (high): A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is…
CVE-2023-5679 — CVSS 7.5 (high): A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both…
CVE-2023-6516 — CVSS 7.5 (high): To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses…
CVE-2026-1519 — CVSS 7.5 (high): If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU…
CVE-2026-3039 — CVSS 7.5 (high): BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when…
CVE-2026-3104 — CVSS 7.5 (high): A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9…
CVE-2026-5946 — CVSS 7.5 (high): Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example…
CVE-2026-5947 — CVSS 7.5 (high): Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message…
CVE-2026-3593 — CVSS 7.4 (high): A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22…
CVE-2017-3141 — CVSS 7.2 (high): The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file…
CVE-2015-8461 — CVSS 7.1 (high): Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a…
CVE-2007-2241 — CVSS 7.1 (high): Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to…
CVE-2015-5986 — CVSS 7.1 (high): openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service…
CVE-2012-5689 — CVSS 7.1 (high): ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that…
CVE-2011-0414 — CVSS 7.1 (high): ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock…
CVE-2015-8705 — CVSS 7.0 (high): buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service…
CVE-2013-6230 — CVSS 6.8 (medium): The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9…
CVE-2016-2088 — CVSS 6.8 (medium): resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service…
CVE-2009-0025 — CVSS 6.8 (medium): BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows…
CVE-2016-1285 — CVSS 6.8 (medium): named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages…
CVE-2008-1447 — CVSS 6.8 (medium): The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2…
CVE-2016-6170 — CVSS 6.5 (medium): ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service…
CVE-2015-8704 — CVSS 6.5 (medium): apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service…
CVE-2020-8622 — CVSS 6.5 (medium): In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition…
CVE-2021-25214 — CVSS 6.5 (medium): In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9…
CVE-2018-5741 — CVSS 6.5 (medium): To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called…
CVE-2017-3138 — CVSS 6.5 (medium): named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a…
CVE-2026-3119 — CVSS 6.5 (medium): Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only…
CVE-2010-3614 — CVSS 6.4 (medium): named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly…
CVE-1999-0184 — CVSS 6.4 (medium): When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS…
CVE-2019-6475 — CVSS 5.9 (medium): Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a…
CVE-2019-6476 — CVSS 5.9 (medium): A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral…
CVE-2016-2775 — CVSS 5.9 (medium): ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows…
CVE-2017-3136 — CVSS 5.9 (medium): A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An…
CVE-2018-5737 — CVSS 5.9 (medium): A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when…
CVE-2019-6471 — CVSS 5.9 (medium): A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in…
CVE-2016-1284 — CVSS 5.9 (medium): rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9.8-S5, when nxdomain-redirect is enabled, allows remote attackers to…
CVE-2007-2925 — CVSS 5.8 (medium): The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and…
CVE-2022-2881 — CVSS 5.5 (medium): The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
CVE-1999-0011 — CVSS 5.4 (medium): Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
CVE-2014-8680 — CVSS 5.4 (medium): The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named…
CVE-2015-1349 — CVSS 5.4 (medium): named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are…
CVE-2026-3591 — CVSS 5.4 (medium): A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS…
CVE-2022-0396 — CVSS 5.3 (medium): BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted…
CVE-2018-5736 — CVSS 5.3 (medium): An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND…
CVE-2021-25219 — CVSS 5.3 (medium): In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview…
CVE-2026-5950 — CVSS 5.3 (medium): An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote…
CVE-2023-5680 — CVSS 5.3 (medium): If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for…
CVE-2026-3592 — CVSS 5.3 (medium): BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially…
CVE-2022-2795 — CVSS 5.3 (medium): By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance…
CVE-2018-5738 — CVSS 5.3 (medium): Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which…
CVE-2019-6465 — CVSS 5.3 (medium): Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected…
CVE-2017-3142 — CVSS 5.3 (medium): An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be…
CVE-2015-8000 — CVSS 5.0 (medium): db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE…
CVE-2006-2073 — CVSS 5.0 (medium): Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG…
CVE-2006-4096 — CVSS 5.0 (medium): BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive…
CVE-2006-0987 — CVSS 5.0 (medium): The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides…
CVE-2005-0033 — CVSS 5.0 (medium): Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service…
CVE-2010-0218 — CVSS 5.0 (medium): ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which…
CVE-2010-3615 — CVSS 5.0 (medium): named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make…
CVE-2011-1907 — CVSS 5.0 (medium): ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of…
CVE-2011-1910 — CVSS 5.0 (medium): Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before…
CVE-2011-2464 — CVSS 5.0 (medium): Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote…
CVE-2011-4313 — CVSS 5.0 (medium): query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1…
CVE-2012-1033 — CVSS 5.0 (medium): The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response…
CVE-2002-2213 — CVSS 5.0 (medium): The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote…
CVE-2002-2212 — CVSS 5.0 (medium): The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote…
CVE-2002-2211 — CVSS 5.0 (medium): BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a…
CVE-2002-1221 — CVSS 5.0 (medium): BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which…
CVE-2002-1220 — CVSS 5.0 (medium): BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a…
CVE-2002-0400 — CVSS 5.0 (medium): ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error…
CVE-2001-0012 — CVSS 5.0 (medium): BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVE-2000-0888 — CVSS 5.0 (medium): named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the…
CVE-2014-3214 — CVSS 5.0 (medium): The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial…
CVE-2014-3859 — CVSS 5.0 (medium): libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service…
CVE-2000-0887 — CVSS 5.0 (medium): named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request…
CVE-2018-5745 — CVSS 4.9 (medium): "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure…
CVE-2020-8618 — CVSS 4.9 (medium): An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion…
CVE-2012-3868 — CVSS 4.3 (medium): Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service…
CVE-2009-0696 — CVSS 4.3 (medium): The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when…
CVE-2010-0097 — CVSS 4.3 (medium): ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate…
CVE-2003-0914 — CVSS 4.3 (medium): ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns…
CVE-2005-0034 — CVSS 4.3 (medium): An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a…
CVE-2010-3762 — CVSS 4.3 (medium): ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors…
CVE-2007-2930 — CVSS 4.3 (medium): The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers…
CVE-2007-2926 — CVSS 4.3 (medium): ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or…
CVE-2007-0494 — CVSS 4.3 (medium): ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind…
CVE-2010-3613 — CVSS 4.0 (medium): named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of…
CVE-2010-0290 — CVSS 4.0 (medium): Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta…
CVE-2017-3140 — CVSS 3.7 (low): If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will…
CVE-2009-4022 — CVSS 2.6 (low): Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta…
CVE-2010-0213 — CVSS 2.6 (low): BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside…
CVE-2014-0591 — CVSS 2.6 (low): The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV…
CVE-2011-2465 — CVSS 2.6 (low): Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone…
CVE-1999-1499 — CVSS 2.1 (low): named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process…