pkg:Alpine/bind
共 88 筆 CVECRITICAL2HIGH59MEDIUM26LOW1
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.8CVE-2026-3593A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.from 0, < 9.18.49-r0
- CRITICAL9.8CVE-2021-25216In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Previe…from 0, < 9.16.15-r0
- HIGH8.6CVE-2025-40780In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to p…from 0, < 9.18.41-r0
- from 0, < 9.18.41-r0
- HIGH8.6CVE-2025-40776A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack.from 0, < 9.20.11-r0
- from 0, < 9.14.12-r0
- HIGH8.2CVE-2022-2881The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process.from 0, < 9.16.33-r0
- from 0, < 9.16.11-r2
- HIGH7.8CVE-2017-3141The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file…from 0, < 9.11.3-r0
- HIGH7.5CVE-2026-5946Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `C…from 0, < 9.18.49-r0
- HIGH7.5CVE-2026-3039BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when re…from 0, < 9.18.49-r0
- HIGH7.5CVE-2026-3104A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.from 0, < 9.20.21-r0
- from 0, < 9.18.47-r0
- from 0, < 9.18.44-r0
- HIGH7.5CVE-2025-8677Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion.from 0, < 9.18.41-r0
- HIGH7.5CVE-2025-40777If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only al…from 0, < 9.20.11-r0
- HIGH7.5CVE-2025-40775When an incoming DNS protocol message includes a Transaction Signature (TSIG), BIND always checks it.from 0, < 9.18.37-r0
- HIGH7.5CVE-2024-12705Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traff…from 0, < 9.18.33-r0
- from 0, < 9.18.33-r0
- HIGH7.5CVE-2024-4076Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion fa…from 0, < 9.18.31-r0
- HIGH7.5CVE-2024-1975If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed do…from 0, < 9.18.31-r0
- from 0, < 9.18.31-r0
- HIGH7.5CVE-2024-0760A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress.from 0, < 9.18.31-r0
- HIGH7.5CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…from 0, < 9.16.48-r0
- from 0, < 9.16.48-r0
- HIGH7.5CVE-2023-6516To keep its cache database efficient, `named` running as a recursive resolver occasionally attempts to clean up the database.from 0, < 9.16.48-r0
- HIGH7.5CVE-2023-5679A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both…from 0, < 9.16.48-r0
- HIGH7.5CVE-2023-5517A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when: - `nxdomain-redirect <domain>;` is conf…from 0, < 9.16.48-r0
- from 0, < 9.16.48-r0
- HIGH7.5CVE-2023-4236A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.from 0, < 9.18.19-r0
- from 0, < 9.16.44-r0
- HIGH7.5CVE-2023-2911If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-t…from 0, < 9.16.42-r0
- HIGH7.5CVE-2022-3924This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, conf…from 0, < 9.16.37-r0
- HIGH7.5CVE-2022-3736BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer…from 0, < 9.16.37-r0
- from 0, < 9.16.37-r0
- HIGH7.5CVE-2022-3080By sending specific queries to the resolver, an attacker can cause named to crash.from 0, < 9.16.33-r0
- HIGH7.5CVE-2022-38178By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak.from 0, < 9.16.33-r0
- HIGH7.5CVE-2022-38177By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak.from 0, < 9.16.33-r0
- HIGH7.5CVE-2022-2906An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources.from 0, < 9.16.33-r0
- from 0, < 9.16.20-r0
- HIGH7.5CVE-2021-25215In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview…from 0, < 9.16.15-r0
- HIGH7.5CVE-2020-8623In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition…from 0, < 9.16.6-r0
- HIGH7.5CVE-2020-8621In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who…from 0, < 9.16.6-r0
- HIGH7.5CVE-2020-8620In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection…from 0, < 9.16.6-r0
- HIGH7.5CVE-2019-6477With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via T…from 0, < 9.14.8-r0
- HIGH7.5CVE-2019-6470There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode.from 0, < 0
- HIGH7.5CVE-2019-6476A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral ra…from 0, < 9.14.7-r0
- HIGH7.5CVE-2019-6475Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers.from 0, < 9.14.7-r0
- HIGH7.5CVE-2019-6467A programming error in the nxdomain-redirect feature can cause an assertion failure in query.c if the alternate namespace used by nxdomain-…from 0, < 9.14.1-r0
- HIGH7.5CVE-2018-5744A failure to free memory can occur when processing messages having a specific combination of EDNS options.from 0, < 9.12.3_p4-r0
- from 0, < 9.14.1-r0
- from 0, < 9.12.2_p1-r0
- HIGH7.5CVE-2018-5738Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which cli…from 0, < 9.12.2_p1-r0
- HIGH7.5CVE-2018-5737A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-…from 0, < 9.12.1_p2-r0
- from 0, < 9.11.2_p1-r0
- HIGH7.5CVE-2017-3137Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records could lea…from 0, < 9.11.0_p5-r0
- HIGH7.5CVE-2016-9444named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of se…from 0, < 9.10.4_p5-r0
- HIGH7.5CVE-2016-9147named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and…from 0, < 9.10.4_p5-r0
- from 0, < 9.10.4_p5-r0
- from 0, < 9.10.4_p4-r0
- HIGH7.5CVE-2016-2776buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses…from 0, < 9.10.4_p3
- from 0, < 9.16.27-r0
- MEDIUM6.5CVE-2026-3119Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record.from 0, < 9.20.21-r0
- from 0, < 9.16.15-r0
- from 0, < 9.16.6-r0
- MEDIUM6.5CVE-2018-5741To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called u…from 0, < 9.11.5-r0
- MEDIUM5.9CVE-2026-5947Undefined behavior may result due to a race condition leading to a use-after-free violation.from 0, < 9.18.49-r0
- MEDIUM5.9CVE-2020-8617Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or…from 0, < 9.14.12-r0
- MEDIUM5.9CVE-2019-6471A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatc…from 0, < 9.14.3-r0
- MEDIUM5.9CVE-2017-3143An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the…from 0, < 9.10.4_p8-r1
- MEDIUM5.9CVE-2017-3140If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endle…from 0, < 9.11.3-r0
- from 0, < 9.11.0_p5-r0
- from 0, < 9.10.4_p6-r0
- MEDIUM5.4CVE-2026-3591A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0).from 0, < 9.20.21-r0
- MEDIUM5.3CVE-2026-5950An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenti…from 0, < 9.18.49-r0
- MEDIUM5.3CVE-2026-3592BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack.from 0, < 9.18.49-r0
- MEDIUM5.3CVE-2023-5680If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for th…from 0, < 9.16.48-r0
- from 0, < 9.16.33-r0
- MEDIUM5.3CVE-2022-0396BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition.from 0, < 9.16.27-r0
- from 0, < 9.16.27-r0
- MEDIUM5.3CVE-2019-6465Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: B…from 0, < 9.12.3_p4-r0
- MEDIUM5.3CVE-2018-5736An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND atte…from 0, < 9.12.1_p2-r0
- MEDIUM5.3CVE-2017-3138named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a contr…from 0, < 9.11.0_p5-r0
- from 0, < 9.16.4-r0
- MEDIUM4.9CVE-2020-8618An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failur…from 0, < 9.16.4-r0
- from 0, < 9.12.3_p4-r0
- MEDIUM4.3CVE-2020-8624In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.1…from 0, < 9.16.6-r0
- from 0, < 9.10.4_p8-r1