Bind9
This hub aggregates every CVE we track for Bind9, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systemson-prem
19
CVEs tracked
0
Critical
13
High
0
In CISA KEV
Severity distribution
HIGH13MEDIUM6
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Bind9.
- CVE-2022-1183Destroying a TLS session early causes assertion failure7.5
- CVE-2021-25219Lame cache can be abused to severely degrade resolver performance5.3
- CVE-2021-25218A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use7.5
- CVE-2021-25216A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack8.1
- CVE-2021-25215An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself7.5
- CVE-2021-25214A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly6.5
- CVE-2020-8625A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack8.1
- CVE-2020-8624update-policy rules of type "subdomain" are enforced incorrectly4.3
- CVE-2020-8622A truncated TSIG response can lead to an assertion failure6.5
- CVE-2020-8623A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c7.5
- CVE-2020-8621Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c7.5
- CVE-2020-8620In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causin...7.5
- CVE-2020-8618A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer4.9
- CVE-2020-8619A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer4.9
- CVE-2020-8617A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c7.5
Product normalization is registry-driven with AI assist and human review. How it works