Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
11 CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel

CVE: CVE-2017-3138 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9…

12 CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME

CVE: CVE-2017-3137 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0-P3, 9.11.1b1->9.11.1rc1, and 9.9.9-S8 Severity: High Exploitable:…

13 CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"

CVE: CVE-2017-3136 Document Version: 2.0 Posting date: 12 April 2017 Program Impacted: BIND Versions affected: 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1,…

14 CVE-2017-3135: Combination of DNS64 and RPZ Can Lead to Crash

Some configurations using both DNS64 and RPZ can lead to an INSIST assertion failure or a NULL pointer read; in either case named will terminate. CVE: CVE-2017-3135 Document Version: 2.1 Posting date: 08 Feb 2017 Program Impacted: BIND Versions affected:…

15 CVE-2016-9778: An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c

CVE: CVE-2016-9778 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0 -> P1 Severity: High (for affected configurations) Exploitable: Remotely Description:…

16 CVE-2016-9444: An unusually-formed DS record response could cause an assertion failure

CVE: CVE-2016-9444 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.6-ESV-R9 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1…

17 CVE-2016-9147: An error handling a query response containing inconsistent DNSSEC information could cause an assertion failure

CVE: CVE-2016-9147 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, 9.11.0-P1 Severity: High Exploitable: Remotely Description: Depending on the type of query and the EDNS options in…

18 CVE-2016-9131: A malformed response to an ANY query can cause an assertion failure during recursion

CVE: CVE-2016-9131 Document Version: 2.0 Posting date: 11 Jan 2017 Program Impacted: BIND Versions affected: 9.4.0 -> 9.6-ESV-R11-W1, 9.8.5 -> 9.8.8, 9.9.3 -> 9.9.9-P4, 9.9.9-S1 -> 9.9.9-S6, 9.10.0 -> 9.10.4-P4, 9.11.0 -> 9.11.0-P1 Severity:…

19 CVE-2016-8864: A problem handling responses containing a DNAME answer can lead to an assertion failure

CVE: CVE-2016-8864 Document Version: 2.0 Posting date: 1 November 2016 Program Impacted: BIND Versions affected: 9.0.x -> 9.8.x, 9.9.0 -> 9.9.9-P3, 9.9.3-S1 -> 9.9.9-S5, 9.10.0 -> 9.10.4-P3, 9.11.0 Severity: High Exploitable: Remotely Description:…

20 CVE-2016-2848: A packet with malformed options can trigger an assertion failure in ISC BIND versions released prior to May 2013 and in packages derived from releases prior to that date.

Please read the "Versions affected" and "Solutions" sections of this advisory carefully This article discusses a vulnerability in BIND that was corrected in ISC-distributed versions in May 2013. However, some versions of BIND distributed by other parties…