ISC — Vulnerabilities & Security Advisories (101)

Browse all 101 CVE security advisories affecting ISC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ISC (Internet Systems Consortium) is primarily known for its BIND DNS and DHCP server software, which serves as critical infrastructure for global name resolution and network configuration. With 101 recorded CVEs, the project has historically faced diverse security challenges, ranging from remote code execution and buffer overflows to cross-site scripting and privilege escalation vulnerabilities. These flaws often stem from complex parsing logic or improper input validation within the core networking daemons. Notable incidents include critical DNS cache poisoning risks and denial-of-service vectors that have prompted urgent patches across major distributions. The high volume of vulnerabilities reflects the software’s pervasive deployment and the rigorous scrutiny applied to its codebase. While ISC maintains an active security response process, the sheer number of disclosed issues highlights the inherent complexity of maintaining foundational internet protocols. Continuous updates remain essential for administrators relying on these tools to ensure network stability and integrity against evolving threat landscapes.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3591 | A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass — BIND 9 (CWE-562) | 5.4 | Medium | 2026-03-25 |
| CVE-2026-3119 | Authenticated query containing a TKEY record may cause named to terminate unexpectedly — BIND 9 (CWE-617) | 6.5 | Medium | 2026-03-25 |
| CVE-2026-3104 | Memory leak in code preparing DNSSEC proofs of non-existence — BIND 9 (CWE-772) | 7.5 | High | 2026-03-25 |
| CVE-2026-1519 | Excessive NSEC3 iterations cause high CPU load during insecure delegation validation — BIND 9 (CWE-606) | 7.5 | High | 2026-03-25 |
| CVE-2026-3608 | Stack overflow in Kea daemons — Kea (CWE-617) | 7.5 | High | 2026-03-25 |
| CVE-2025-13878 | Malformed BRID/HHIT records can cause named to terminate unexpectedly — BIND 9 (CWE-617) | 7.5 | High | 2026-01-21 |
| CVE-2025-11232 | Invalid characters cause assert — Kea (CWE-823) | 7.5 | High | 2025-10-29 |
| CVE-2025-40780 | Cache poisoning due to weak PRNG — BIND 9 (CWE-341) | 8.6 | High | 2025-10-22 |
| CVE-2025-40778 | Cache poisoning attacks with unsolicited RRs — BIND 9 (CWE-349) | 8.6 | High | 2025-10-22 |
| CVE-2025-8677 | Resource exhaustion via malformed DNSKEY handling — BIND 9 (CWE-405) | 7.5 | High | 2025-10-22 |
| CVE-2025-8696 | DoS attack against the Stork UI from an unauthenticated user — Stork (CWE-789) | 7.5 | High | 2025-09-10 |
| CVE-2025-40779 | Kea crash upon interaction between specific client options and subnet selection — Kea (CWE-476) | 7.5 | High | 2025-08-27 |
| CVE-2025-40777 | A possible assertion failure when 'stale-answer-client-timeout' is set to '0' — BIND 9 (CWE-617) | 7.5 | High | 2025-07-16 |
| CVE-2025-40776 | Birthday Attack against Resolvers supporting ECS — BIND 9 (CWE-349) | 8.6 | High | 2025-07-16 |
| CVE-2025-32803 | Insecure file permissions can result in confidential information leakage — Kea (CWE-276) | 4.0 | Medium | 2025-05-28 |
| CVE-2025-32802 | Insecure handling of file paths allows multiple local attacks — Kea (CWE-73) | 6.1 | Medium | 2025-05-28 |
| CVE-2025-32801 | Loading a malicious hook library can lead to local privilege escalation — Kea (CWE-94) | 7.8 | High | 2025-05-28 |
| CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure — BIND 9 (CWE-232) | 7.5 | High | 2025-05-21 |
| CVE-2024-12705 | DNS-over-HTTPS implementation suffers from multiple issues under heavy query load — BIND 9 (CWE-770) | 7.5 | High | 2025-01-29 |
| CVE-2024-11187 | Many records in the additional section cause CPU exhaustion — BIND 9 (CWE-405) | 7.5 | High | 2025-01-29 |
| CVE-2024-4076 | Assertion failure when serving both stale cache data and authoritative zone content — BIND 9 | 7.5 | High | 2024-07-23 |
| CVE-2024-1975 | SIG(0) can be used to exhaust CPU resources — BIND 9 | 7.5 | High | 2024-07-23 |
| CVE-2024-1737 | BIND's database will be slow if a very large number of RRs exist at the same name — BIND 9 | 7.5 | High | 2024-07-23 |
| CVE-2024-0760 | A flood of DNS messages over TCP may make the server unstable — BIND 9 | 7.5 | High | 2024-07-23 |
| CVE-2024-28872 | Incorrect TLS certificate validation can lead to escalated privileges — Stork | 8.9 | High | 2024-07-11 |
| CVE-2023-6516 | Specific recursive query patterns may lead to an out-of-memory condition — BIND 9 | 7.5 | High | 2024-02-13 |
| CVE-2023-5680 | Cleaning an ECS-enabled cache may cause excessive CPU load — BIND 9 | 5.3 | Medium | 2024-02-13 |
| CVE-2023-5679 | Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution — BIND 9 | 7.5 | High | 2024-02-13 |
| CVE-2023-5517 | Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled — BIND 9 | 7.5 | High | 2024-02-13 |
| CVE-2023-4408 | Parsing large DNS messages may cause excessive CPU load — BIND 9 | 7.5 | High | 2024-02-13 |

This page lists every published CVE security advisory associated with ISC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.