BIND 9 Security Vulnerability Matrix - 9.15
  • 19 Jun 2020


The BIND versions listed in this article are EOL
This BIND 9 Security Vulnerability Matrix is a record of vulnerabilities affecting the EOL BIND 9.15 development branch during (or very shortly after) its lifetime. It is known to be affected by some vulnerabilities discovered after the EOL date (May 2020) but those will not be listed here.

This article has two parts:

  • The first part is a table listing all of the vulnerabilities covered by this page. The first column is a reference number for use in the tables in the second part. The second column is the CVE (Common Vulnerabilities and Exposures) number for the vulnerability, linked to its page on The third column is a short description of the vulnerability, linked (where possible) to our Knowledgebase article on the vulnerability.
  • The second part is a table listing all of the releases in this branch along the side and vulnerabilities along the top. If a vulnerability number is less than the lowest column heading, that branch does not have any versions with it. If a vulnerability number is greater than the highest column heading, that branch has not been tested and should be assumed to be vulnerable.

See the matrix for current branches for more information about how to interpret these tables.

We do not generally list alpha, beta, or release candidate (RC) versions here, and recommend that you use only released software in any environment in which security could be an issue. This page explains our version numbering system.

Using obsolete versions of BIND
We recommend that you not use obsolete versions of any ISC software. It was updated for a reason.

Listing of Vulnerabilities affecting BIND 9.15

#    CVE Number  Short Description
113  2020-8619   An asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c
112  2020-8618   A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer
111  2020-8617   A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c
110  2020-8616   BIND does not sufficiently limit the number of fetches when chasing referrals
109  2019-6477   TCP-pipelined queries can bypass tcp-clients limit
108  2019-6476   An error in QNAME minimization code can cause BIND to exit with an assertion failure
107  2019-6475   A flaw in mirror zone validity checking can allow zone data to be spoofed
106  2019-6471   A race condition when discarding malformed packets can cause BIND to exit with an assertion failure

Why don't the reference numbers begin at 1?
To reduce confusion we preserve the reference number across all of our articles and tables; to reduce clutter we have pared down the entries to only those listed in the table for this branch.

BIND 9.15

(EOL March 2020; final matrix update 2020-06-17)

ver/CVE 106 107 108 109 110 111 112 113
9.15.8 + + + +
9.15.7 + + + +
9.15.6 + + + +
9.15.5 + + + +
9.15.4 + + + + + +
9.15.3 + + + + + +
9.15.2 + + + + + +
9.15.1 + + + + + +
9.15.0 + + + + + + +