Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

CVE: CVE-2017-3138 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9…

3 CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

CVE: CVE-2017-3137 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8 Severity: High Exploitable:…

4 CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"

CVE: CVE-2017-3136 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1,…

5 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash

Some configurations using both DNS64 and RPZ can lead to an INSIST assertion failure or a NULL pointer read; in either case named will terminate. CVE: CVE-2017-3135 Document Version: 2.1 Posting date: 08 Feb 2017 Program Impacted: BIND Versions affected:…

6 CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

CVE: CVE-2016-9778 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0 -> P1 Severity: High (for affected configurations) Exploitable: Remotely Description:…

7 CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure

CVE: CVE-2016-9444 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.6-ESV-R9 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1…

8 CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure

CVE: CVE-2016-9147 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, 9.11.0-P1 Severity: High Exploitable: Remotely Description: Depending on the type of query and the EDNS options in…

9 CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion

CVE: CVE-2016-9131 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.4.0 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1 Severity:…

10 CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure

CVE: CVE-2016-8864 Document Version: 2.0 Posting date: 1 November 2016 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3, 9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3, 9.11.0 Severity: High Exploitable: Remotely Description:…