Vulnerabilities (CVE)

Filtered by vendor Isc Subscribe
Total 214 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3736 1 Isc 1 Bind 2023-02-03 N/A 7.5 HIGH
BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.
CVE-2022-3488 1 Isc 1 Bind 2023-02-03 N/A 7.5 HIGH
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.
CVE-2022-3094 1 Isc 1 Bind 2023-02-03 N/A 7.5 HIGH
Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.
CVE-2007-0493 1 Isc 1 Bind 2023-02-02 7.8 HIGH N/A
CVE-2007-0493 bind use-after-free
CVE-2009-1893 2 Isc, Redhat 2 Dhcp, Enterprise Linux 2023-02-02 6.9 MEDIUM N/A
CVE-2009-1893 dhcp: insecure temporary file use in the dhcpd init script
CVE-2022-38177 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Bind 2022-12-28 N/A 7.5 HIGH
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CVE-2022-38178 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Bind 2022-12-28 N/A 7.5 HIGH
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
CVE-2012-4244 1 Isc 1 Bind 2022-12-09 7.8 HIGH N/A
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
CVE-2021-25219 6 Debian, Fedoraproject, Isc and 3 more 23 Debian Linux, Fedora, Bind and 20 more 2022-12-08 5.0 MEDIUM 5.3 MEDIUM
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
CVE-2022-2906 1 Isc 1 Bind 2022-12-03 N/A 7.5 HIGH
An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service.
CVE-2022-3080 2 Fedoraproject, Isc 2 Fedora, Bind 2022-12-03 N/A 7.5 HIGH
By sending specific queries to the resolver, an attacker can cause named to crash.
CVE-2021-25220 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, Baseboard Management Controller H300e and 16 more 2022-11-28 4.0 MEDIUM 6.8 MEDIUM
BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
CVE-2022-2928 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Dhcp 2022-11-28 N/A 6.5 MEDIUM
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CVE-2022-2929 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Dhcp 2022-11-21 N/A 6.5 MEDIUM
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CVE-2022-2881 1 Isc 1 Bind 2022-11-16 N/A 8.2 HIGH
The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.
CVE-2022-0396 4 Fedoraproject, Isc, Netapp and 1 more 19 Fedora, Bind, Baseboard Management Controller H300e and 16 more 2022-11-16 4.3 MEDIUM 5.3 MEDIUM
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2022-2795 3 Debian, Fedoraproject, Isc 3 Debian Linux, Fedora, Bind 2022-11-03 N/A 7.5 HIGH
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.
CVE-2021-25217 5 Debian, Fedoraproject, Isc and 2 more 26 Debian Linux, Fedora, Dhcp and 23 more 2022-10-29 3.3 LOW 7.4 HIGH
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
CVE-2022-1183 2 Isc, Netapp 11 Bind, H300s, H300s Firmware and 8 more 2022-10-07 4.3 MEDIUM 7.5 HIGH
On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch.
CVE-2020-8619 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2022-10-07 4.0 MEDIUM 4.9 MEDIUM
In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, BIND 9.16.0 -> 9.16.3, BIND Supported Preview Edition 9.11.14-S1 -> 9.11.19-S1: Unless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.