
BIND 9 Security Vulnerability Matrix - 9.8

  • Updated on 20 Sep 2018

The BIND versions listed in this article are EOL

This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.8 branch during (or very shortly after) its lifetime. It is known to be affected by some vulnerabilities discovered after the EOL date (September 2014) but those will not be listed here.

This article has two parts:

  • The first part is a table listing all of the vulnerabilities covered by this page. The first column is a reference number for use in the tables in the second part. The second column is the CVE (Common Vulnerabilities and Exposures) number for the vulnerability, linked to its page on cve.mitre.org. The third column is a short description of the vulnerability, linked (where possible) to our Knowledge Base article on the vulnerability.
  • The second part is a table listing all of the releases in this branch along the side and vulnerabilities along the top.  If a vulnerability number is less than the lowest column heading, that branch does not have any versions with it.  If a vulnerability number is greater than the highest column heading, that branch has not been tested and should be assumed to be vulnerable.

See the matrix for current branches for more information about how to interpret these tables.

We do not generally list alpha, beta or release candidate (RC) versions here, and recommend that you use only released software in any environment in which security could be an issue. This page explains our version numbering system.

Using obsolete versions of BIND

We recommend that you not use obsolete versions of any ISC software. It was updated for a reason.

Listing of Vulnerabilities affecting BIND 9.8

# CVE Number Short Description
61 2014-8680 Defects in GeoIP features can cause BIND to crash
60 2014-8500 A Defect in Delegation Handling Can Be Exploited to Crash BIND
59 2014-3859 BIND named can crash due to a defect in EDNS printing processing
58 2014-3214 A Defect in Prefetch Can Cause Recursive Servers to Crash
57 2014-0591 A Crafted Query Against an NSEC3-signed Zone Can Crash BIND
56 2013-6230 A Winsock API Bug can cause a side-effect affecting BIND ACLs
55 2013-4854 A specially crafted query can cause BIND to terminate abnormally
54 2013-3919 A recursive resolver can be crashed by a query for a malformed zone
53 2013-2266 A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
52 2012-5689 BIND 9 with DNS64 enabled can unexpectedly terminate when resolving domains in RPZ
51 2012-5688 BIND 9 servers using DNS64 can be crashed by a crafted query
50 2012-5166 Specially crafted DNS data can cause a lockup in named
49 2012-4244 A specially crafted Resource Record could cause named to terminate
48 2012-3868 High TCP query load can trigger a memory leak
47 2012-3817 Heavy DNSSEC validation load can cause a "bad cache" assertion failure
46 2012-1667 Handling of zero length rdata can cause named to terminate unexpectedly
45 2011-4313 BIND 9 Resolver crashes after logging an error in query.c
44 2011-2465 Remote crash with certain RPZ configurations
43 2011-2464 remote packet denial of service against authoritative and recursive servers
42 2011-1910 Large RRSIG RRsets and negative caching can crash named
41 2011-1907 RRSIG queries can trigger server crash when using Response Policy Zones

Why don't the reference numbers begin at 1?

In order to reduce confusion we preserve the reference number across all of our articles and tables. In order to reduce clutter we have pared down the entries to only those listed in the table for this branch.

BIND 9.8

(EOL September 2014; final matrix update 2014-12-08)

ver/CVE 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61
9.8.8 +
9.8.7-P1 +
9.8.7 +
9.8.6-P2 +
9.8.6-P1 + +
9.8.6 + + +
9.8.5-P2 + + +
9.8.5-P1 + + + +
9.8.5 + + + + +
9.8.4-P2 + + + + +
9.8.4-P1 + + + + + +
9.8.4 + + + + + + +
9.8.3-P4 + + + + + + +
9.8.3-P3 + + + + + + + +
9.8.3-P2 + + + + + + + + +
9.8.3-P1 + + + + + + + + + +
9.8.3 + + + + + + + + + + +
9.8.2 + + + + + + + + + + +
9.8.1-P1 + + + + + + + + + + +
9.8.1 + + + + + + + + + + + +
9.8.0-P4 + + + + + + + + + + + +
9.8.0-P3 + + + + + + + + + + + + +
9.8.0-P2 + + + + + + + + + + + + + +
9.8.0-P1 + + + + + + + + + + + + + + +
9.8.0 + + + + + + + + + + + + + + + +