Information on source package bind9

Available versions

ReleaseVersion
bullseye1:9.16.50-1~deb11u2
bullseye (security)1:9.16.50-1~deb11u1
bookworm1:9.18.28-1~deb12u2
trixie1:9.20.2-1
sid1:9.20.2-1

Open issues

BugbullseyebookwormtrixiesidDescription
CVE-2022-2881vulnerable (no DSA, ignored)fixedfixedfixedThe underlying bug might cause read past end of the buffer and either ...

Resolved issues

BugDescription
CVE-2024-4076Client queries that trigger serving stale data and that also require l ...
CVE-2024-1975If a server hosts a zone containing a "KEY" Resource Record, or a reso ...
CVE-2024-1737Resolver caches and authoritative zone databases that hold significant ...
CVE-2024-0760A malicious client can send many DNS messages over TCP, potentially ca ...
CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 whe ...
CVE-2023-50387Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6 ...
CVE-2023-6516To keep its cache database efficient, `named` running as a recursive r ...
CVE-2023-5680If a resolver cache has a very large number of ECS records stored for ...
CVE-2023-5679A bad interaction between DNS64 and serve-stale may cause `named` to c ...
CVE-2023-5517A flaw in query-handling code can cause `named` to exit prematurely wi ...
CVE-2023-4408The DNS message parsing code in `named` includes a section whose compu ...
CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause ...
CVE-2023-3341The code that processes control channel messages sent to `named` calls ...
CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...
CVE-2023-2829A `named` instance configured to run as a DNSSEC-validating recursive ...
CVE-2023-2828Every `named` instance configured to run as a recursive resolver maint ...
CVE-2022-38178By spoofing the target resolver with responses that have a malformed E ...
CVE-2022-38177By spoofing the target resolver with responses that have a malformed E ...
CVE-2022-3924This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...
CVE-2022-3736BIND 9 resolver can crash when stale cache and stale answers are enabl ...
CVE-2022-3488Processing of repeated responses to the same query, where both respons ...
CVE-2022-3094Sending a flood of dynamic DNS updates may cause `named` to allocate l ...
CVE-2022-3080By sending specific queries to the resolver, an attacker can cause nam ...
CVE-2022-2906An attacker can leverage this flaw to gradually erode available memory ...
CVE-2022-2795By flooding the target resolver with queries exploiting this flaw an a ...
CVE-2022-1183On vulnerable configurations, the named daemon may, in some circumstan ...
CVE-2022-0667When the vulnerability is triggered the BIND process will exit. BIND 9 ...
CVE-2022-0635Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...
CVE-2022-0396BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9 ...
CVE-2021-25220BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Support ...
CVE-2021-25219In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> ...
CVE-2021-25218In BIND 9.16.19, 9.17.16. Also, version 9.16.19-S1 of BIND Supported P ...
CVE-2021-25216In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3- ...
CVE-2021-25215In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S ...
CVE-2021-25214In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versi ...
CVE-2020-8625BIND servers are vulnerable if they are running an affected version an ...
CVE-2020-8624In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 ...
CVE-2020-8623In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also af ...
CVE-2020-8622In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also aff ...
CVE-2020-8621In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured ...
CVE-2020-8620In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establ ...
CVE-2020-8619In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, ...
CVE-2020-8618An attacker who is permitted to send zone data to a server via zone tr ...
CVE-2020-8617Using a specially-crafted message, an attacker may potentially cause a ...
CVE-2020-8616A malicious actor who intentionally exploits this lack of effective li ...
CVE-2019-6477With pipelining enabled each incoming query on a TCP connection requir ...
CVE-2019-6476A defect in code added to support QNAME minimization can cause named t ...
CVE-2019-6475Mirror zones are a BIND feature allowing recursive servers to pre-cach ...
CVE-2019-6471A race condition which may occur when discarding malformed packets can ...
CVE-2019-6469An error in the EDNS Client Subnet (ECS) feature for recursive resolve ...
CVE-2019-6468In BIND Supported Preview Edition, an error in the nxdomain-redirect f ...
CVE-2019-6467A programming error in the nxdomain-redirect feature can cause an asse ...
CVE-2019-6465Controls for zone transfers may not be properly applied to Dynamically ...
CVE-2018-5745"managed-keys" is a feature which allows a BIND resolver to automatica ...
CVE-2018-5744A failure to free memory can occur when processing messages having a s ...
CVE-2018-5743By design, BIND is intended to limit the number of TCP clients that ca ...
CVE-2018-5742While backporting a feature for a newer branch of BIND9, RedHat introd ...
CVE-2018-5741To provide fine-grained controls over the ability to use Dynamic DNS ( ...
CVE-2018-5740"deny-answer-aliases" is a little-used feature intended to help recurs ...
CVE-2018-5738Change #4777 (introduced in October 2017) introduced an unforeseen iss ...
CVE-2018-5737A problem with the implementation of the new serve-stale feature in BI ...
CVE-2018-5736An error in zone database reference counting can lead to an assertion ...
CVE-2018-5735The Debian backport of the fix for CVE-2017-3137 leads to assertion fa ...
CVE-2018-5734While handling a particular type of malformed packet BIND erroneously ...
CVE-2017-3145BIND was improperly sequencing cleanup operations on upstream recursio ...
CVE-2017-3143An attacker who is able to send and receive messages to an authoritati ...
CVE-2017-3142An attacker who is able to send and receive messages to an authoritati ...
CVE-2017-3141The BIND installer on Windows uses an unquoted service path which can ...
CVE-2017-3140If named is configured to use Response Policy Zones (RPZ) an error pro ...
CVE-2017-3139A denial of service flaw was found in the way BIND handled DNSSEC vali ...
CVE-2017-3138named contains a feature which allows operators to issue commands to a ...
CVE-2017-3137Mistaken assumptions about the ordering of records in the answer secti ...
CVE-2017-3136A query with a specific set of characteristics could cause a server us ...
CVE-2017-3135Under some conditions when using both DNS64 and RPZ to rewrite query r ...
CVE-2016-9778An error in handling certain queries can cause an assertion failure wh ...
CVE-2016-9444named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...
CVE-2016-9147named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...
CVE-2016-9131named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...
CVE-2016-8864named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9. ...
CVE-2016-6170ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x throug ...
CVE-2016-2848ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remo ...
CVE-2016-2776buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4- ...
CVE-2016-2775ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x befo ...
CVE-2016-2088resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cook ...
CVE-2016-1286named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allo ...
CVE-2016-1285named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ...
CVE-2016-1284rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before 9.9. ...
CVE-2015-8705buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logg ...
CVE-2015-8704apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.1 ...
CVE-2015-8461Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P ...
CVE-2015-8000db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3 ...
CVE-2015-5986openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x ...
CVE-2015-5722buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9. ...
CVE-2015-5477named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allo ...
CVE-2015-4620name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9. ...
CVE-2015-1349named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x befor ...
CVE-2014-8680The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remot ...
CVE-2014-8500ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...
CVE-2014-3859libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS opti ...
CVE-2014-3214The prefetch implementation in named in ISC BIND 9.10.0, when a recurs ...
CVE-2014-0591The query_findclosestnsec3 function in query.c in named in ISC BIND 9. ...
CVE-2013-6230The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...
CVE-2013-4854The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x bef ...
CVE-2013-3919resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, a ...
CVE-2013-2266libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...
CVE-2012-5689ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...
CVE-2012-5688ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 i ...
CVE-2012-5166ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9. ...
CVE-2012-4244ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9. ...
CVE-2012-3868Race condition in the ns_client structure management in ISC BIND 9.9.x ...
CVE-2012-3817ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...
CVE-2012-1667ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9. ...
CVE-2012-1033The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server n ...
CVE-2011-4313query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9 ...
CVE-2011-2465Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...
CVE-2011-2464Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9. ...
CVE-2011-1910Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x befor ...
CVE-2011-1907ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...
CVE-2011-0414ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative s ...
CVE-2010-3762ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...
CVE-2010-3615named in ISC BIND 9.7.2-P2 does not check all intended locations for a ...
CVE-2010-3614named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...
CVE-2010-3613named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, an ...
CVE-2010-0382ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...
CVE-2010-0290Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...
CVE-2010-0218ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...
CVE-2010-0213BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trus ...
CVE-2010-0097ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2 ...
CVE-2009-4022Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...
CVE-2009-0696The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 befo ...
CVE-2009-0265Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not prop ...
CVE-2009-0025BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check t ...
CVE-2008-4163Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9. ...
CVE-2008-1447The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...
CVE-2008-0122Off-by-one error in the inet_network function in libbind in ISC BIND 9 ...
CVE-2007-6283Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key f ...
CVE-2007-2926ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...
CVE-2007-2925The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9 ...
CVE-2007-2241Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 th ...
CVE-2007-0494ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 u ...
CVE-2007-0493Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...
CVE-2006-4096BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...
CVE-2006-4095BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...
CVE-2006-2073Unspecified vulnerability in ISC BIND allows remote attackers to cause ...
CVE-2006-0987The default configuration of ISC BIND before 9.4.1-P1, when configured ...
CVE-2005-0364Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and B.1 ...
CVE-2005-0034An "incorrect assumption" in the authvalidated validator function in B ...
CVE-2002-2211BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...
CVE-2002-1221BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ...
CVE-2002-1220BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...
CVE-2002-1219Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...
CVE-2002-0029Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ...

Security announcements

DSA / DLADescription
DSA-5734-2bind9 - regression update
DSA-5734-1bind9 - security update
DLA-3816-1bind9 - security update
DSA-5621-1bind9 - security update
DLA-3726-1bind9 - security update
DSA-5504-1bind9 - security update
DLA-3498-1bind9 - security update
DSA-5439-1bind9 - security update
DSA-5329-1bind9 - security update
DLA-3138-1bind9 - security update
DSA-5235-1bind9 - security update
DLA-2955-2bind9 - regression update
DSA-5105-1bind9 - security update
DLA-2955-1bind9 - security update
DLA-2807-1bind9 - security update
DSA-4994-1bind9 - security update
DLA-2647-1bind9 - security update
DSA-4909-1bind9 - security update
DLA-2568-1bind9 - security update
DSA-4857-1bind9 - security update
DLA-2355-1bind9 - security update
DSA-4752-1bind9 - security update
DLA-2227-1bind9 - security update
DSA-4689-1bind9 - security update
DLA-1859-1bind9 - security update
DSA-4440-1bind9 - security update
DLA-1697-1bind9 - security update
DLA-1485-1bind9 - security update
DLA-1285-1bind9 - security update
DLA-1255-1bind9 - security update
DSA-4089-1bind9 - security update
DLA-1025-2bind9 - regression update
DSA-3904-2bind9 - regression update
DLA-1025-1bind9 - security update
DSA-3904-1bind9 - security update
DLA-957-1bind9 - security update
DSA-3854-1bind9 - security update
DLA-843-1bind9 - security update
DSA-3795-1bind9 - security update
DLA-805-1bind9 - security update
DSA-3758-1bind9 - security update
DLA-696-1bind9 - security update
DSA-3703-1bind9 - security update
DLA-672-1bind9 - security update
DLA-645-1bind9 - security update
DSA-3680-1bind9 - security update
DSA-3511-1bind9 - security update
DSA-3449-1bind9 - security update
DLA-396-1bind9 - security update
DLA-370-1bind9 - security update
DSA-3420-1bind9 - security update
DLA-308-1bind9 - security update
DSA-3350-1bind9 - security update
DSA-3319-1bind9 - security update
DLA-285-1bind9 - security update
DLA-270-1bind9 - security update
DSA-3304-1bind9 - security update
DLA-163-1bind9 - security update
DSA-3162-1bind9 - security update
DLA-112-1bind9 - security update
DSA-3094-1bind9 - security update
DSA-3023-1bind9 - security update
DLA-48-1bind9 - security update
DSA-2728-1bind9 - denial of service
DSA-2656-1bind9 - denial of service
DSA-2560-1bind9 - denial of service
DSA-2547-1bind9 - improper assert
DSA-2517-1bind9 - denial of service
DSA-2486-1bind9 - denial of service
DSA-2347-1bind9 - improper assert
DSA-2272-1bind9 - denial of service
DSA-2244-1bind9 - wrong boundary condition
DSA-2208-1bind9 - denial of service
DSA-2130-1bind9 - denial of service
DSA-2054-1bind9 - cache poisoning
DSA-1961-1bind9 - cache poisoning
DSA-1847-1bind9 - denial of service
DSA-1703-1bind9 - cryptographic weakness
DSA-1603-1bind9 - cache poisoning
DSA-1341-2bind9 - DNS cache poisoning vulnerability
DSA-1254-1bind9
DSA-1172-1bind9 - programming error

Search for package or bug name: Reporting problems