BIND 9 — Vulnerabilities & Security Advisories (54)

All 54 CVE vulnerabilities found in BIND 9, with AI-generated Chinese analysis, references, and POCs.

This page documents security vulnerabilities associated with the BIND 9 product developed by ISC. It aggregates findings related to various weakness types, including buffer overflows, denial of service conditions, and incorrect access control implementations. The database collects vulnerability data ranging from early releases in the late 1990s through recent updates in 2023, ensuring comprehensive coverage of the product’s historical security landscape. Here, you can track vendor advisories from the Internet Systems Consortium to understand the timeline and impact of reported issues. The page allows users to understand specific weakness classes by analyzing how they manifest within the BIND DNS software architecture. Researchers and administrators can look up a product’s vulnerability history to assess the cumulative security posture of their deployments. This resource supports informed decision-making regarding patching strategies and configuration hardening. By presenting a consolidated view of known defects, the page highlights recurring patterns in DNS server security, such as race conditions in query processing or flaws in zone file parsing. The information is structured to facilitate deep dives into individual security incidents without requiring external searches. It serves as a reference for understanding the evolution of security controls within BIND 9. Users can correlate specific versions with identified risks to prioritize remediation efforts effectively. This approach provides clarity on the scope of exposure for systems relying on this widely used name server software.

Vendor: ISC

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3591 | A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass | CWE-562 | 5.4 | Medium | 2026-03-25 |
| CVE-2026-3119 | Authenticated query containing a TKEY record may cause named to terminate unexpectedly | CWE-617 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-3104 | Memory leak in code preparing DNSSEC proofs of non-existence | CWE-772 | 7.5 | High | 2026-03-25 |
| CVE-2026-1519 | Excessive NSEC3 iterations cause high CPU load during insecure delegation validation | CWE-606 | 7.5 | High | 2026-03-25 |
| CVE-2025-13878 | Malformed BRID/HHIT records can cause named to terminate unexpectedly | CWE-617 | 7.5 | High | 2026-01-21 |
| CVE-2025-40780 | Cache poisoning due to weak PRNG | CWE-341 | 8.6 | High | 2025-10-22 |
| CVE-2025-40778 | Cache poisoning attacks with unsolicited RRs | CWE-349 | 8.6 | High | 2025-10-22 |
| CVE-2025-8677 | Resource exhaustion via malformed DNSKEY handling | CWE-405 | 7.5 | High | 2025-10-22 |
| CVE-2025-40777 | A possible assertion failure when 'stale-answer-client-timeout' is set to '0' | CWE-617 | 7.5 | High | 2025-07-16 |
| CVE-2025-40776 | Birthday Attack against Resolvers supporting ECS | CWE-349 | 8.6 | High | 2025-07-16 |
| CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure | CWE-232 | 7.5 | High | 2025-05-21 |
| CVE-2024-12705 | DNS-over-HTTPS implementation suffers from multiple issues under heavy query load | CWE-770 | 7.5 | High | 2025-01-29 |
| CVE-2024-11187 | Many records in the additional section cause CPU exhaustion | CWE-405 | 7.5 | High | 2025-01-29 |
| CVE-2024-4076 | Assertion failure when serving both stale cache data and authoritative zone content | | 7.5 | High | 2024-07-23 |
| CVE-2024-1975 | SIG(0) can be used to exhaust CPU resources | | 7.5 | High | 2024-07-23 |
| CVE-2024-1737 | BIND's database will be slow if a very large number of RRs exist at the same name | | 7.5 | High | 2024-07-23 |
| CVE-2024-0760 | A flood of DNS messages over TCP may make the server unstable | | 7.5 | High | 2024-07-23 |
| CVE-2023-6516 | Specific recursive query patterns may lead to an out-of-memory condition | | 7.5 | High | 2024-02-13 |
| CVE-2023-5680 | Cleaning an ECS-enabled cache may cause excessive CPU load | | 5.3 | Medium | 2024-02-13 |
| CVE-2023-5679 | Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution | | 7.5 | High | 2024-02-13 |
| CVE-2023-5517 | Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled | | 7.5 | High | 2024-02-13 |
| CVE-2023-4408 | Parsing large DNS messages may cause excessive CPU load | | 7.5 | High | 2024-02-13 |
| CVE-2023-4236 | named may terminate unexpectedly under high DNS-over-TLS query load | | 7.5 | High | 2023-09-20 |
| CVE-2023-3341 | A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly | | 7.5 | High | 2023-09-20 |
| CVE-2023-2911 | Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 | | 7.5 | High | 2023-06-21 |
| CVE-2023-2829 | Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled | | 7.5 | High | 2023-06-21 |
| CVE-2023-2828 | named's configured cache size limit can be significantly exceeded | | 7.5 | High | 2023-06-21 |
| CVE-2022-3924 | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota | | 7.5 | High | 2023-01-25 |
| CVE-2022-3736 | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries | | 7.5 | High | 2023-01-25 |
| CVE-2022-3488 | named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries | | 7.5 | High | 2023-01-25 |