---
title: "BIND 9 Security Vulnerability Matrix - 9.12"
slug: "bind-9-security-vulnerability-matrix-912"
description: "This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.10 branch during (or very shortly after) its lifetime. It is known to be affected by some vulnerabilities discovered after the EOL date (July 2018) but those will not be listed here."
updated: 2020-06-19T13:39:01Z
published: 2020-06-19T13:39:01Z
canonical: "kb.isc.org/bind-9-security-vulnerability-matrix-912"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://kb.isc.org/llms.txt
> Use this file to discover all available pages before exploring further.

# BIND 9 Security Vulnerability Matrix - 9.12

The BIND versions listed in this article are EOL
 This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.10 branch during (or very shortly after) its lifetime. It is known to be affected by some vulnerabilities discovered after the EOL date (July 2018) but those will not be listed here.

                         

This article has two parts:

- The first part is a table listing all of the vulnerabilities covered by this page. The first column is a reference number for use in the tables in the second part. The second column is the CVE (Common Vulnerabilities and Exposure) number for the vulnerability, linked to its page on [cve.mitre.org](http://cve.mitre.org/). The third column is a short description of the vulnerability, linked (where possible) to our Knowledgebase article on the vulnerability.
- The second part is a table listing all of the releases in this branch along the side and vulnerabilities along the top. If a vulnerability number is less than the lowest column heading, that branch does not have any versions with it. If a vulnerability number is greater than the highest column heading, that branch has not been tested and should be assumed to be vulnerable.

See the [matrix for current branches](https://kb.isc.org/docs/aa-00913) for more information about how to interpret these tables.

We do not generally list alpha, beta, or release candidate (RC) versions here, and recommend that you use only released software in any environment in which security could be an issue. [This page](https://www.isc.org/software/version-numbering) explains our version numbering system.

Using obsolete versions of BIND
 We recommend that you not use obsolete versions of any ISC software. It was updated for a reason.

                         

#### Listing of Vulnerabilities affecting BIND 9.12

| # | CVE Number | Short Description |
| --- | --- | --- |
| 106 | [2019-6471](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6471) | [A race condition when discarding malformed packets can cause BIND to exit with an assertion failure](https://kb.isc.org/v1/docs/cve-2019-6471) |
| 105 | [2019-6469](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6469) | [BIND Supported Preview Edition can exit with an assertion failure if ECS is in use](https://kb.isc.org/v1/docs/cve-2019-6469) |
| 104 | [2019-6468](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6468) | [BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used](https://kb.isc.org/v1/docs/cve-2019-6468) |
| 103 | [2019-6467](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6467) | [An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c](https://kb.isc.org/v1/docs/cve-2019-6467) |
| 102 | [2018-5743](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743) | [Limiting simultaneous TCP clients is ineffective](https://kb.isc.org/v1/docs/cve-2018-5743) |
| 101 | [2019-6465](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465) | [Zone transfer controls for writable DLZ zones were not effective](https://kb.isc.org/docs/cve-2019-6465) |
| 100 | [2018-5745](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745) | [An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys](https://kb.isc.org/docs/cve-2018-5745) |
| 99 | [2018-5744](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744) | [A specially crafted packet can cause named to leak memory](https://kb.isc.org/docs/cve-2018-5744) |
| 98 | [2018-5741](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5741) | [Update policies krb5-subdomain and ms-subdomain do not enforce controls promised in their documentation](https://kb.isc.org/docs/cve-2018-5741) |
| 97 | [2018-5740](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5740) | [A flaw in the "deny-answer-aliases" feature can cause an INSIST assertion failure in named](https://kb.isc.org/docs/aa-01639) |
| 96 | [2018-5738](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738) | [Some versions of BIND can improperly permit recursive query service to unauthorized clients](https://kb.isc.org/docs/aa-01616) |
| 95 | [2018-5737](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5737) | [BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled](https://kb.isc.org/docs/aa-01606) |
| 94 | [2018-5736](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5736) | [Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c](https://kb.isc.org/docs/aa-01602) |
| 93 | [2018-5734](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5734) | [A malformed request can trigger an assertion failure in badcache.c](https://kb.isc.org/docs/aa-01562) |

Why don't the reference numbers begin at 1?
 To reduce confusion we preserve the reference number across all of our articles and tables; to reduce clutter we have pared down the entries to only those listed in the table for this branch.

                         

#### BIND 9.12

(EOL May 2019; final matrix update 2019-06-19)

| ver/CVE | [93](https://kb.isc.org/docs/aa-01562) | [94](https://kb.isc.org/docs/aa-01602) | [95](https://kb.isc.org/docs/aa-01606) | [96](https://kb.isc.org/docs/aa-01616) | [97](https://kb.isc.org/docs/aa-01639) | [98](https://kb.isc.org/docs/cve-2018-5741) | [99](https://kb.isc.org/docs/cve-2018-5744) | [100](https://kb.isc.org/docs/cve-2018-5745) | [101](https://kb.isc.org/docs/cve-2019-6465) | [102](https://kb.isc.org/v1/docs/cve-2018-5743) | [103](https://kb.isc.org/v1/docs/cve-2019-6467) | [104](https://kb.isc.org/v1/docs/cve-2019-6468) | [105](https://kb.isc.org/v1/docs/cve-2019-6469) | [106](https://kb.isc.org/v1/docs/cve-2019-6471) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 9.12.4-P2 |  |  |  |  |  |  |  |  |  |  |  |  |  |  |
| 9.12.4-P1 |  |  |  |  |  |  |  |  |  |  |  |  |  | + |
| 9.12.4 |  |  |  |  |  |  |  |  |  | + | + |  |  | + |
| 9.12.3-P4 |  |  |  |  |  |  |  |  |  | + | + |  |  | + |
| 9.12.3-P1 |  |  |  |  |  |  | + | + | + | + | + |  |  | + |
| 9.12.3 |  |  |  |  |  |  | + | + | + | + | + |  |  | + |
| 9.12.2-P2 |  |  |  |  |  |  | + | + | + | + | + |  |  | + |
| 9.12.2-P1 |  |  |  |  |  | + | + | + | + | + | + |  |  | + |
| 9.12.2 |  |  |  |  | + | + | + | + | + | + | + |  |  | + |
| 9.12.1-P2 |  |  |  | + | + | + | + | + | + | + | + |  |  | + |
| 9.12.1 |  | + | + | + | + | + | + | + | + | + | + |  |  | + |
| 9.12.0 |  | + | + | + | + | + | + | + | + | + | + |  |  | + |