BIND 9 Security Vulnerability Matrix

Operational Notification: synth-from-dnssec may cause slow resolution on resolvers under certain cache conditions

CVE-2019-6467: An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c

CVE-2019-6468: BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used

CVE-2019-6471: A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

CVE-2019-6476: An error in QNAME minimization code can cause BIND to exit with an assertion failure

CVE-2019-6475: A flaw in mirror zone validity checking can allow zone data to be spoofed

In-line Signing With NSEC3 in BIND 9.9+ -- A Walk-through

CVE-2019-6474: An oversight when validating incoming client requests can lead to a situation where the Kea server will exit when trying to restart

CVE-2019-6473: An invalid hostname option can cause the kea-dhcp4 server to terminate

CVE-2019-6472: A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

An Overview of BIND 9 Documentation

BIND 9.10 Administrator Reference Manual (ARM)

Operational Notification: Segmentation Fault in resolver.c Affects BIND 9.6-ESV-R6, 9.7.5, 9.8.2, & 9.9.0

CVE-2019-6469: BIND Supported Preview Edition can exit with an assertion failure if ECS is in use

Gathering Information on BIND 9 Memory Usage

CVE-2018-5743: Limiting simultaneous TCP clients is ineffective

CVE-2018-5745: An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys

CVE-2018-5744: A specially crafted packet can cause named to leak memory

CVE-2019-6465: Zone transfer controls for writable DLZ zones were not effective