Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c

CVE: CVE-2016-1285 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.2.0 -> 9.8.8, 9.9.0->9.9.8-P3, 9.9.3-S1->9.9.8-S5, 9.10.0->9.10.3-P3 Severity: High Exploitable: Remotely (on systems which accept…

3 CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.

CVE: CVE-2016-2088 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.10.0 -> 9.10.3-P3 Severity: High Exploitable: Remotely Description: BIND 9.10 has preliminary support for DNS cookies (or source identity tokens),…

4 CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c

CVE: CVE-2016-1286 Document Version: 2.0 Posting date: 09 March 2016 Program Impacted: BIND Versions affected: 9.0.0 -> 9.8.8, 9.9.0 -> 9.9.8-P3, 9.9.3-S1 -> 9.9.8-S5, 9.10.0 -> 9.10.3-P3 Severity: High Exploitable: Remotely Description: An error…

5 CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c

CVE: CVE-2015-8704 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.3.0->9.8.8, 9.9.0->9.9.8-P2, 9.9.3-S1->9.9.8-S3, 9.10.0->9.10.3-P2 Severity: High Exploitable: Remotely Description: A buffer size…

6 CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.

CVE: CVE-2015-8705 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.10.0->9.10.3-P2 Severity: Medium Exploitable: Remotely Description: In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or…

7 CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c

CVE: CVE-2015-8461 Document Version: 2.0 Posting date: 15 December 2015 Program Impacted: BIND Versions affected: 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1 Severity: Medium Exploitable: Remotely Description: Beginning with the…

8 CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c

CVE: CVE-2015-8000 Document Version: 2.0 Posting date: 15 December 2015 Program Impacted: BIND Versions affected: 9.0.x -> 9.9.8, 9.10.0 -> 9.10.3 Severity: Critical Exploitable: Remotely Description: An error in the parsing of incoming responses allows…

9 CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c

CVE: CVE-2015-5986 Document Version: 2.0 Posting date: 02 September 2015 Program Impacted: BIND Versions affected: 9.9.7 -> 9.9.7-P2, 9.10.2 -> 9.10.2-P3. Severity: Critical Exploitable: Remotely Description: An incorrect boundary check in openpgpkey_61.c…

10 CVE-2015-5722: Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c

CVE: CVE-2015-5722 Document Version: 2.0 Posting date: 2 September 2015 Program Impacted: BIND Versions affected: BIND 9.0.0 -> 9.8.8, BIND 9.9.0 -> 9.9.7-P2, BIND 9.10.0 -> 9.10.2-P3 Severity: Critical Exploitable: Remotely Description: Parsing…