Issues · ISC Open Source Projects / BIND · GitLab

[CVE-2021-25218] named crashes when trying to send a UDP packet exceeding MTU with RRL enabled 14 of 14 tasks completed

#2856 · created Aug 10, 2021 by Michał Kępień August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17) Bug Critical Release Notes Security v9.16 v9.17 (EoL)
- CLOSED
- 6
updated Apr 26, 2022
[CVE-2021-25220] DNS Cache Poisoning Vulnerability 15 of 15 tasks completed

#2950 · created Oct 12, 2021 by Ondřej Surý March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1) Affects v9.11 (EoL) Affects v9.16 Affects v9.18 Affects v9.19 Bug Critical Release Notes Resolver Security v9.11 (EoL) v9.16 v9.18 v9.19
- CLOSED
- 1
- 53
updated Apr 22, 2022
[CVE-2022-0635] DNAME lookups can trigger INSIST when synth-from-dnssec is enabled 15 of 15 tasks completed

#3158 · created Feb 16, 2022 by Michal Nowak March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1) Affects v9.18 Affects v9.19 Bug Critical Customer Release Notes Resolver Security v9.18 v9.19
- CLOSED
- 1
- 13
updated Apr 21, 2022
[CVE-2022-0396] DoS in BIND via lingering TCP sockets stuck in CLOSE-WAIT 15 of 15 tasks completed

#3112 · created Jan 26, 2022 by Dan Theisen March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1) Affects v9.16 Affects v9.18 Affects v9.19 Bug Critical Customer Network Manager Release Notes Security v9.16 v9.18 v9.19
- CLOSED
- 2
- 6
updated Apr 21, 2022
[CVE-2022-0667] assertion failure on delayed DS lookup 15 of 15 tasks completed

#3129 · created Feb 08, 2022 by Petr Špaček March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1) Affects v9.18 Affects v9.19 Bug Critical Release Notes Resolver Security v9.18 v9.19
- CLOSED
- 1
- 11
updated Apr 21, 2022
premature TCP connection closure leaks fetch contexts (hang on shutdown)

#3026 · created Nov 25, 2021 by Petr Špaček December 2021 (9.16.24, 9.16.24-S1, 9.17.21) Affects v9.17 (EoL) Bug Critical Release Notes Resolver v9.17 (EoL)
- CLOSED
- 1
- 0
updated Dec 06, 2021
buffer overwrite in stats channel

#2973 · created Oct 22, 2021 by Evan Hunt November 2021 (9.16.23, 9.16.23-S1, 9.17.20) Affects v9.17 (EoL) Bug Critical v9.17 (EoL)
- CLOSED
- 1
- 1
updated Dec 03, 2021
Broken ECDSA signatures may be generated with certain private keys

#3014 · created Nov 17, 2021 by Mark Andrews December 2021 (9.16.24, 9.16.24-S1, 9.17.21) Affects v9.17 (EoL) Bug Critical v9.17 (EoL)
- CLOSED
- 1
- 15
updated Nov 22, 2021
repeated `rndc reload` or `rndc reconfig` on bind 9.11.3 and 9.11.4 causes named memory usage to grow.

#446 · created Jul 31, 2018 by Alex Maestas Critical Customer v9.11 (EoL)
- CLOSED
- 17
updated Oct 04, 2021
map file format incompatibility causes crash (v9.16.19 -> v9.16.20)

#2872 · created Aug 19, 2021 by Petr Menšík September 2021 (9.16.21, 9.16.21-S1, 9.17.18) Authoritative Bug Critical Release Notes v9.16 v9.17 (EoL)
- CLOSED
- 1
- 18
updated Aug 31, 2021
W or w characters in domain names are altered to "\000"

#2779 · created Jun 17, 2021 by Sean Zhang June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15) Bug Critical Release Notes v9.16 v9.17 (EoL)
- CLOSED
- 1
- 18
updated Jun 21, 2021
[CVE-2021-25214] A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly 13 of 13 tasks completed

#2467 · created Feb 02, 2021 by Brian Conry April 2021 (9.11.30/9.11.31, 9.11.30-S1/9.11.31-S1, 9.16.14/9.16.15, 9.16.14-S1/9.16.15-S1, 9.17.12) Authoritative Bug Critical Customer Release Notes Security v9.11 (EoL) v9.16 v9.17 (EoL)
- CLOSED
- 1
- 21
updated Jun 10, 2021
BIND 9.16.11 fails to return large response with libuv error

#2487 · created Feb 10, 2021 by Anand Buddhdev March 2021 (9.11.29, 9.11.29-S1, 9.16.13, 9.16.13-S1, 9.17.11) Bug Critical Customer Network Manager v9.16 v9.17 (EoL)
- CLOSED
- 1
- 4
updated Jun 09, 2021
When BIND is built with --with-tuning=large, we're setting RCVBUFSIZE far too big for most production servers

#1713 · created Mar 27, 2020 by Cathy Almond May 2020 (9.11.19, 9.11.19-S1, 9.14.12, 9.16.3) Critical Customer Release Notes v9.16 v9.17 (EoL)
- CLOSED
- 1
- 1
updated May 17, 2021
[CVE-2021-25216] ZDI-CAN-13347: A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack 13 of 13 tasks completed

#2604 · created Mar 31, 2021 by Ondřej Surý April 2021 (9.11.30/9.11.31, 9.11.30-S1/9.11.31-S1, 9.16.14/9.16.15, 9.16.14-S1/9.16.15-S1, 9.17.12) Critical Security v9.11 (EoL) v9.16
- CLOSED
- 15
updated Apr 29, 2021
[CVE-2018-5737] serve-stale crash

#185 · created Mar 27, 2018 by Tony Finch Bug Critical Resolver Security
- CLOSED
- 2
- 34
updated Mar 31, 2021
New stale-answer-client-timeout crashes BIND 9.16 and 9.17

#2503 · created Feb 19, 2021 by Ondřej Surý March 2021 (9.11.29, 9.11.29-S1, 9.16.13, 9.16.13-S1, 9.17.11) Bug Critical Customer Release Notes v9.11-S (EoL) v9.16 v9.17 (EoL)
- CLOSED
- 1
- 1
updated Mar 03, 2021
TLS/DoT configuration parsing

#1815 · created May 06, 2020 by Witold Krecicki February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10) Critical
- CLOSED
- 2
updated Feb 03, 2021
[CVE-2020-8623] A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

#2037 · created Jul 21, 2020 by Ondřej Surý August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4) Bug Critical Release Notes Security v9.11 (EoL) v9.16 v9.17 (EoL)
- CLOSED
- 2
- 7
updated Nov 27, 2020
Investigate pipeline system test failure

#2204 · created Oct 07, 2020 by Mark Andrews October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6) Bug Critical v9.11 (EoL) v9.16 v9.17 (EoL)
- CLOSED
- 1
- 1
updated Oct 08, 2020

Prev
1
2
3
4
Next