Bind9

This hub aggregates every CVE we track for Bind9, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Bind9.

• CVE-2022-38178Memory leaks in EdDSA DNSSEC verification code7.5Sep 21, 2022
• CVE-2022-3080BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly7.5Sep 21, 2022
• CVE-2022-38177Memory leak in ECDSA DNSSEC verification code7.5Sep 21, 2022
• CVE-2022-2906Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only)7.5Sep 21, 2022
• CVE-2022-2881Buffer overread in statistics channel code5.5Sep 21, 2022
• CVE-2022-2795Processing large delegations may severely degrade resolver performance5.3Sep 21, 2022
• CVE-2022-1183Destroying a TLS session early causes assertion failure7.5May 19, 2022
• CVE-2021-25219Lame cache can be abused to severely degrade resolver performance5.3Oct 27, 2021
• CVE-2021-25218A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use7.5Aug 18, 2021
• CVE-2021-25216A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack8.1Apr 29, 2021
• CVE-2021-25215An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself7.5Apr 29, 2021
• CVE-2021-25214A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly6.5Apr 29, 2021
• CVE-2020-8625A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack8.1Feb 17, 2021
• CVE-2020-8624update-policy rules of type "subdomain" are enforced incorrectly4.3Aug 21, 2020
• CVE-2020-8622A truncated TSIG response can lead to an assertion failure6.5Aug 21, 2020