CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-40777 – A possible assertion failure when 'stale-answer-client-timeout' is set to '0'
https://notcve.org/view.php?id=CVE-2025-40777
16 Jul 2025 — If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1. If a `named` cachi... • https://kb.isc.org/docs/cve-2025-40777 • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40776 – Birthday Attack against Resolvers supporting ECS
https://notcve.org/view.php?id=CVE-2025-40776
16 Jul 2025 — A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1. A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 thro... • https://kb.isc.org/docs/cve-2025-40776 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-40775 – DNS message with invalid TSIG causes an assertion failure
https://notcve.org/view.php?id=CVE-2025-40775
21 May 2025 — When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7. When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure... • https://github.com/AlexSvobo/nhi-zero-trust-bypass • CWE-232: Improper Handling of Undefined Values •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-12705 – DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
https://notcve.org/view.php?id=CVE-2024-12705
29 Jan 2025 — Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1. A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing D... • https://kb.isc.org/docs/cve-2024-12705 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-11187 – Many records in the additional section cause CPU exhaustion
https://notcve.org/view.php?id=CVE-2024-11187
29 Jan 2025 — It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 ... • https://kb.isc.org/docs/cve-2024-11187 • CWE-400: Uncontrolled Resource Consumption CWE-405: Asymmetric Resource Consumption (Amplification) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-4076 – Assertion failure when serving both stale cache data and authoritative zone content
https://notcve.org/view.php?id=CVE-2024-4076
23 Jul 2024 — Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que también requieren búsquedas en datos de la zona autorizada local pueden provoc... • http://www.openwall.com/lists/oss-security/2024/07/23/1 • CWE-617: Reachable Assertion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1975 – SIG(0) can be used to exhaust CPU resources
https://notcve.org/view.php?id=CVE-2024-1975
23 Jul 2024 — If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. Si un servidor aloja una zona que contiene ... • http://www.openwall.com/lists/oss-security/2024/07/23/1 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-1737 – BIND's database will be slow if a very large number of RRs exist at the same name
https://notcve.org/view.php?id=CVE-2024-1737
23 Jul 2024 — Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. Las cachés de resolución y las base... • http://www.openwall.com/lists/oss-security/2024/07/23/1 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 35%CPEs: 2EXPL: 1CVE-2024-0760 – A flood of DNS messages over TCP may make the server unstable
https://notcve.org/view.php?id=CVE-2024-0760
23 Jul 2024 — A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0 through 9.19.24, and 9.18.11-S1 through 9.18.27-S1. Un cliente malintencionado puede enviar muchos mensajes DNS a través de TCP, lo que podría provocar que el servidor se vuelva inestable mientras el ataque está en cu... • https://github.com/SpiralBL0CK/CVE-2024-0760 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6516 – Specific recursive query patterns may lead to an out-of-memory condition
https://notcve.org/view.php?id=CVE-2023-6516
13 Feb 2024 — To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queued for later processing. It was discovered that if the resolver is continuously processing query patterns triggering this type of cache-database maintenance, `named` may not be able to handle the cleanup events in ... • http://www.openwall.com/lists/oss-security/2024/02/13/1 • CWE-400: Uncontrolled Resource Consumption CWE-789: Memory Allocation with Excessive Size Value •