Search CVE reports
11 – 20 of 53 results
To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Not affected | Not affected | Fixed | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release |
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled. This issue affects BIND 9 versions 9.16.12 through 9.16.45,...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release |
Some fixes available 6 of 8
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is configured, and - the resolver receives a PTR query for an RFC 1918 address that...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release |
Some fixes available 23 of 43
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random...
7 affected packages
bind9, isc-dhcp, unbound, pdns-recursor, dnsmasq...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Not affected |
| unbound | Fixed | Fixed | Fixed | Needs evaluation |
| pdns-recursor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| dnsmasq | Fixed | Fixed | Fixed | Fixed |
| knot-resolver | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release |
Some fixes available 23 of 42
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of...
7 affected packages
bind9, isc-dhcp, unbound, pdns-recursor, dnsmasq...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Not affected |
| unbound | Fixed | Fixed | Fixed | Needs evaluation |
| pdns-recursor | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| dnsmasq | Fixed | Fixed | Fixed | Fixed |
| knot-resolver | Not affected | Needs evaluation | Needs evaluation | Needs evaluation |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release |
Some fixes available 6 of 15
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release |
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | — | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected |
Some fixes available 8 of 10
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop...
3 affected packages
bind9, isc-dhcp, bind9-libs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release |