Search CVE reports


Toggle filters

1 – 10 of 148 results


CVE-2024-4076

Medium priority

Some fixes available 4 of 9

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27,...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Not affected Not affected
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2024-1975

Medium priority

Some fixes available 6 of 12

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0)...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2024-1737

Medium priority

Some fixes available 6 of 12

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2024-0760

Medium priority

Some fixes available 4 of 9

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Not affected Not affected
bind9-libs Not in release Needs evaluation Needs evaluation
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-5680

Medium priority
Not affected

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Not affected Not affected Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-6516

Medium priority

Some fixes available 1 of 2

To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Not affected Not affected Fixed Not affected Not affected
bind9-libs Not in release Not affected Not affected Not in release Not in release
isc-dhcp Not affected Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-5679

Medium priority

Some fixes available 4 of 5

A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45,...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Not affected Not affected Not affected
bind9-libs Not in release Not affected Not affected Not in release Not in release
isc-dhcp Not affected Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-5517

Medium priority

Some fixes available 5 of 7

A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Needs evaluation Not affected
bind9-libs Not in release Not affected Not affected Not in release Not in release
isc-dhcp Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-50868

Medium priority

Some fixes available 20 of 42

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random...

7 affected packages

bind9, bind9-libs, dnsmasq, isc-dhcp, knot-resolver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation Not in release Not in release
dnsmasq Fixed Fixed Fixed Fixed Fixed
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
knot-resolver Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pdns-recursor Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
unbound Fixed Fixed Fixed Needs evaluation Needs evaluation
Show all 7 packages Show less packages

CVE-2023-50387

Medium priority

Some fixes available 20 of 42

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of...

7 affected packages

bind9, bind9-libs, dnsmasq, isc-dhcp, knot-resolver...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation Not in release Not in release
dnsmasq Fixed Fixed Fixed Fixed Fixed
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
knot-resolver Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pdns-recursor Vulnerable Needs evaluation Needs evaluation Needs evaluation Needs evaluation
unbound Fixed Fixed Fixed Needs evaluation Needs evaluation
Show all 7 packages Show less packages