---
title: "BIND 9 Security Vulnerability Matrix - 9.4/9.4-ESV Branches"
slug: "aa-01582"
description: "This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.4/9.4-ESV branches during (or very shortly after) their lifetime. They are known to be affected by some vulnerabilities discovered after the EOL date (March 2012) but those will not be listed here."
updated: 2025-03-24T22:34:42Z
published: 2025-03-24T22:34:42Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.isc.org/llms.txt
> Use this file to discover all available pages before exploring further.

# BIND 9 Security Vulnerability Matrix - 9.4/9.4-ESV Branches

@(Warning)(The BIND versions listed in this article are EOL)(This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.4/9.4-ESV branches during (or very shortly after) their lifetime. They are known to be affected by some vulnerabilities discovered after the EOL date (March 2012) but those will not be listed here.)

This article has two parts:

* The first part is a table listing all of the vulnerabilities covered by this page. The first column is a reference number for use in the tables in the second part. The second column is the CVE (Common Vulnerabilities and Exposure) number for the vulnerability, linked to its page on [cve.mitre.org](http://cve.mitre.org/). The third column is a short description of the vulnerability, linked (where possible) to our Knowledgebase article on the vulnerability.
* The second part is a table listing all of the releases in this branch along the side and vulnerabilities along the top. If a vulnerability number is less than the lowest column heading, that branch does not have any versions with it. If a vulnerability number is greater than the highest column heading, that branch has not been tested and should be assumed to be vulnerable.

See the [matrix for current branches](https://kb.isc.org/docs/aa-00913) for more information about how to interpret these tables.

We do not generally list alpha, beta, or release candidate (RC) versions here, and recommend that you use only released software in any environment in which security could be an issue. [This page](https://www.isc.org/software/version-numbering) explains our version numbering system.

@(Warning)(Using obsolete versions of BIND)(We recommend that you not use obsolete versions of any ISC software. It was updated for a reason.)
 
 #### Listing of Vulnerabilities affecting BIND 9.4/9.4-ESV
| # | CVE Number | Short Description |
| --: | :---: | :-- |
| 45 | [2011-4313](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313) | [BIND 9 Resolver crashes after logging an error in query.c](https://kb.isc.org/docs/aa-00544) |
| 44 | [2011-2465](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2465) | [Remote crash with certain RPZ configurations](https://kb.isc.org/docs/aa-00458) |
| 43 | [2011-2464](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464) | [remote packet denial of service against authoritative and recursive servers](https://kb.isc.org/docs/aa-00457) |
| 42 | [2011-1910](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910) | [Large RRSIG RRsets and negative caching can crash named](https://kb.isc.org/docs/aa-00459) |
| 41 | [2011-1907](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1907) | [RRSIG queries can trigger server crash when using Response Policy Zones](https://kb.isc.org/docs/aa-00460) |
| 40 | [2011-0414](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414) | [Server lockup upon IXFR or DDNS update combined with high query rate](https://kb.isc.org/docs/aa-00461) |
| 39 | [2010-3613](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3613) | [cache incorrectly allows an ncache entry and an RRSIG for the same type](https://kb.isc.org/docs/aa-00938) |
| 38 | [2010-3615](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3615) | [allow-query processed incorrectly](https://kb.isc.org/docs/aa-00937) |
| 37 | [2010-3614](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3614) | [Key algorithm rollover bug in BIND 9](https://kb.isc.org/docs/aa-00936) |
| 36 | [2010-3762](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3762) | [failure to handle bad signatures if multiple trust anchors configured](https://kb.isc.org/docs/aa-00935) |
| 35 | [2010-0218](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0218) | [Unexpected ACL Behavior in BIND 9.7.2](https://kb.isc.org/docs/aa-00934) |
| 34 | [2010-0213](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0213) | [RRSIG query handling bug in BIND 9.7.1](https://kb.isc.org/docs/aa-00933) |
| 33 | [2010-0097](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097) | [DNSSEC validation code could cause bogus NXDOMAIN responses](https://kb.isc.org/docs/aa-00932) |
| 32 | [2009-4022](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022) | [Cache Update From Additional Section](https://kb.isc.org/docs/aa-00931) |
| 31 | [2009-0696](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696) | [Dynamic Update DoS attack](https://kb.isc.org/docs/aa-00926) |
| 30 | [2008-5077](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077) | DNSSEC issue with DSA and NSEC3DSA algorithms |
| 29 | [2008-1447](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447) | [DNS cache poisoning issue](https://kb.isc.org/docs/aa-00924) |
| 28 | [2008-0122](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122) | [inet_network() off-by-one buffer overflow](https://kb.isc.org/docs/aa-00923) |
| 27 | [2007-2930](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2930) | [cryptographically weak query ids (BIND 8)](https://kb.isc.org/docs/aa-00922) |
| 26 | [2007-2926](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926) | [cryptographically weak query ids](https://kb.isc.org/docs/aa-00921) |
| 25 | [2007-2925](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925) | [allow-query-cache/allow-recursion default acls not set.](https://kb.isc.org/docs/aa-00920) |
| 24 | [2007-2241](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2241) | [Sequence of queries can cause a recursive nameserver to exit.](https://kb.isc.org/docs/aa-00919) |


@(Info)(Why don't the reference numbers begin at 1?)(To reduce confusion we preserve the reference number across all of our articles and tables; to reduce clutter we have pared down the entries to only those listed in the table for this branch.)

 #### BIND 9.4 / 9.4-ESV
(EOL March 2012; Final matrix update 2011-11-16)

| ver/CVE | [24](https://kb.isc.org/docs/aa-00919) | [25](https://kb.isc.org/docs/aa-00920) | [26](https://kb.isc.org/docs/aa-00921) | [27](https://kb.isc.org/docs/aa-00922) | [28](https://kb.isc.org/docs/aa-00923) | [29](https://kb.isc.org/docs/aa-00924) | 30 | [31](https://kb.isc.org/docs/aa-00926) | [32](https://kb.isc.org/docs/aa-00931) | [33](https://kb.isc.org/docs/aa-00932) | [34](https://kb.isc.org/docs/aa-00933) | [35](https://kb.isc.org/docs/aa-00934) | [36](https://kb.isc.org/docs/aa-00935) | [37](https://kb.isc.org/docs/aa-00936) | [38](https://kb.isc.org/docs/aa-00937) | [39](https://kb.isc.org/docs/aa-00938) | [40](https://kb.isc.org/docs/aa-00461) | [41](https://kb.isc.org/docs/aa-00460) | [42](https://kb.isc.org/docs/aa-00459) | [43](https://kb.isc.org/docs/aa-00457) | [44](https://kb.isc.org/docs/aa-00458) | [45](https://kb.isc.org/docs/aa-00544) |
| :--- | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: |
| 9.4-ESV-R5-P1 |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   | + |
| 9.4-ESV-R5    |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   | + | + |
| 9.4-ESV-R4-P1 |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   | + | + |
| 9.4-ESV-R4    |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   |   | + |
| 9.4-ESV-R3    |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   | + |   |   | + |   |   | + |
| 9.4-ESV-R2    |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4-ESV-R1    |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4-ESV       |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.3-P5      |   |   |   |   |   |   |   |   |   |   |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.3-P3      |   |   |   |   |   |   |   |   | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.3-P1      |   |   |   |   |   |   |   | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.3         |   |   |   |   |   |   | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.2-P1      |   |   |   |   | + |   | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.2         |   |   |   |   | + | + | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.1-P1      |   |   |   |   | + | + | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.1         |   | + | + |   | + | + | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |
| 9.4.0         | + | + | + |   | + | + | + | + | + | + |   |   |   | + |   | + |   |   |   |   |   | + |