Search CVE reports
11 – 20 of 148 results
CVE-2023-4408
Medium prioritySome fixes available 5 of 14
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Ignored |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-4236
Medium prioritySome fixes available 5 of 6
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-3341
Medium prioritySome fixes available 9 of 10
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-2829
Medium priorityA `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-2911
Medium prioritySome fixes available 7 of 10
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release | Not in release |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-2828
Medium prioritySome fixes available 10 of 18
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2022-3488
Medium priorityProcessing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3924
Medium priorityThis issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3736
Medium priorityBIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3094
Medium prioritySending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited....
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Fixed | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |