Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2015-8704: Specific APL data could trigger an INSIST in apl_42.c

CVE: CVE-2015-8704 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.3.0->9.8.8, 9.9.0->9.9.8-P2, 9.9.3-S1->9.9.8-S3, 9.10.0->9.10.3-P2 Severity: High Exploitable: Remotely Description: A buffer size…

3 CVE-2015-8705: Problems converting OPT resource records and ECS options to text format can cause BIND to terminate.

CVE: CVE-2015-8705 Document Version: 2.0 Posting date: 19 January 2016 Program Impacted: BIND Versions affected: 9.10.0->9.10.3-P2 Severity: Medium Exploitable: Remotely Description: In versions of BIND 9.10, errors can occur when OPT pseudo-RR data or…

4 CVE-2015-8461: A race condition when handling socket errors can lead to an assertion failure in resolver.c

CVE: CVE-2015-8461 Document Version: 2.0 Posting date: 15 December 2015 Program Impacted: BIND Versions affected: 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1 Severity: Medium Exploitable: Remotely Description: Beginning with the…

5 CVE-2015-8000: Responses with a malformed class attribute can trigger an assertion failure in db.c

CVE: CVE-2015-8000 Document Version: 2.0 Posting date: 15 December 2015 Program Impacted: BIND Versions affected: 9.0.x -> 9.9.8, 9.10.0 -> 9.10.3 Severity: Critical Exploitable: Remotely Description: An error in the parsing of incoming responses allows…

6 CVE-2015-5986: An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c

CVE: CVE-2015-5986 Document Version: 2.0 Posting date: 02 September 2015 Program Impacted: BIND Versions affected: 9.9.7 -> 9.9.7-P2, 9.10.2 -> 9.10.2-P3. Severity: Critical Exploitable: Remotely Description: An incorrect boundary check in openpgpkey_61.c…

7 CVE-2015-5722: Parsing malformed keys may cause BIND to exit due to a failed assertion in buffer.c

CVE: CVE-2015-5722 Document Version: 2.0 Posting date: 2 September 2015 Program Impacted: BIND Versions affected: BIND 9.0.0 -> 9.8.8, BIND 9.9.0 -> 9.9.7-P2, BIND 9.10.0 -> 9.10.2-P3 Severity: Critical Exploitable: Remotely Description: Parsing…

8 CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure

A deliberately constructed packet can exploit an error in the handling of queries for TKEY records, permitting denial of service. CVE: CVE-2015-5477 Document Version: 2.2 Posting date: 28 July 2015 Program Impacted: BIND Versions affected: 9.1.0 -> 9.8.x,…

9 CVE-2015-4620: Specially Constructed Zone Data Can Cause a Resolver to Crash when Validating

An attacker who can cause a validating resolver to query a zone containing specifically constructed contents can cause that resolver to fail an assertion and terminate due to a defect in validation code. CVE: CVE-2015-4620 Document Version: 2.0 Posting date:…

10 CVE-2015-1349: A Problem with Trust Anchor Management Can Cause named to Crash

When configured to perform DNSSEC validation, named can crash when encountering a rare set of conditions in the managed trust anchors. CVE: CVE-2015-1349 Document Version: 2.0 Posting date: 18 Feb 2015 Program Impacted: BIND Versions affected: BIND 9.7.0…