Search CVE reports
1 – 10 of 167 results
Some fixes available 4 of 14
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 2 of 8
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 4 of 14
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 2 of 8
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 4 of 14
BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 4 of 14
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 1 of 7
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 1 of 7
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 1 of 7
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Not affected | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |
Some fixes available 3 of 13
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bind9 | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
| isc-dhcp | Needs evaluation | Needs evaluation | Not affected | Not affected | Needs evaluation |
| bind9-libs | Not in release | Not in release | Needs evaluation | Needs evaluation | — |