Knowledge Base ISC Main Website Ask a Question/Contact ISC
Quick Jump Menu
1 BIND 9 Security Vulnerability Matrix Featured

The BIND 9 Security Vulnerability Matrix is a tool to help DNS operators understand the current security risk for a given version of BIND. It has two parts: The first part is a table listing all of the vulnerabilities covered by this page. The first column…

2 CVE-2018-5740: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named

A rarely-used feature in BIND has a flaw which can cause named to exit with an assertion failure. CVE: CVE-2018-5740 Document Version: 2.0 Posting date: 08 August 2018 Program Impacted: BIND Versions affected: 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8,…

3 CVE-2018-5738: Some versions of BIND can improperly permit recursive query service to unauthorized clients

CVE: CVE-2018-5738 Document Version: 2.0 Posting date: 12 June 2018 Program Impacted: BIND Versions affected: 9.9.12, 9.10.7, 9.11.3, 9.12.0->9.12.1-P2, the development release 9.13.0, and also releases 9.9.12-S1, 9.10.7-S1, 9.11.3-S1, and 9.11.3-S2 from…

4 CVE-2018-5737: BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

CVE: CVE-2018-5737 Document Version: 2.0 Posting date: 18 May 2018 Program Impacted: BIND Versions affected: 9.12.0, 9.12.1 Severity: Medium Exploitable: Remotely Description: A problem with the implementation of the new serve-stale feature in BIND 9.12 can…

5 CVE-2018-5736: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c

CVE: CVE-2018-5736 Document Version: 2.0 Posting date: 18 May 2018 Program Impacted: BIND Versions affected: 9.12.0 and 9.12.1 Severity: Medium Exploitable: Remotely, if an attacker can trigger a zone transfer Description: An error in zone database reference…

6 CVE-2018-5734: A malformed request can trigger an assertion failure in badcache.c

CVE: CVE-2018-5734 Document Version: 2.0 Posting date: 28 Feb 2018 Program Impacted: BIND Versions affected: 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2 Severity: High Exploitable: Remotely Description: While handling a particular type of malformed packet…

7 CVE-2017-3145: Improper fetch cleanup sequencing in the resolver can cause named to crash

Improper sequencing during cleanup can lead to a use-after-free error, triggering an assertion failure and crash in named. CVE: CVE-2017-3145 Document Version: 2.0 Posting date: 16 January 2018 Program Impacted: BIND Versions affected: 9.0.0 to 9.8.x, 9.9.0…

8 CVE-2017-3142: An error in TSIG authentication can permit unauthorized zone transfers

An attacker may be able to circumvent TSIG authentication of AXFR and NOTIFY requests. CVE: CVE-2017-3142 Document Version: 2.0 Posting date: 29 June 2017 Program Impacted: BIND Versions affected: 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1,…

9 CVE-2017-3143: An error in TSIG authentication can permit unauthorized dynamic updates

An attacker may be able to forge a valid TSIG or signature for a dynamic update. CVE: CVE-2017-3143 Document Version: 2.0 Posting date: 29 June 2017 Program Impacted: BIND Versions affected: 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1,…

10 CVE-2017-3141: Windows service and uninstall paths are not quoted when BIND is installed

CVE: CVE-2017-3141 Document Version: 2.0 Posting date: 14 Jun 2017 Program Impacted: BIND Versions affected: 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1…