BIND Security Vulnerabilities
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null...
6.2AI Score
0.054EPSS
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records...
7.5AI Score
0.136EPSS
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka...
6.4AI Score
0.112EPSS
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub...
9.8AI Score
0.026EPSS
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload...
6.3AI Score
0.152EPSS
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live)...
6.2AI Score
0.02EPSS
Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr...
9.7AI Score
0.936EPSS
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and...
9.7AI Score
0.01EPSS
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS...
7.8CVSS
6.5AI Score
0.001EPSS
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root...
7.2AI Score
0.189EPSS
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment...
6.2AI Score
0.007EPSS
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root...
6.9AI Score
0.009EPSS
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root...
7.2AI Score
0.009EPSS
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv...
6.6AI Score
0.013EPSS
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr...
6.6AI Score
0.101EPSS
Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR...
8.2AI Score
0.009EPSS
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query...
6.6AI Score
0.011EPSS
6.6AI Score
0.003EPSS
6.9AI Score
0.008EPSS
6.6AI Score
0.003EPSS
6.6AI Score
0.008EPSS