ISC — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting ISC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ISC (Internet Systems Consortium) is primarily known for its BIND DNS and DHCP server software, which serves as critical infrastructure for global name resolution and network configuration. With 101 recorded CVEs, the project has historically faced diverse security challenges, ranging from remote code execution and buffer overflows to cross-site scripting and privilege escalation vulnerabilities. These flaws often stem from complex parsing logic or improper input validation within the core networking daemons. Notable incidents include critical DNS cache poisoning risks and denial-of-service vectors that have prompted urgent patches across major distributions. The high volume of vulnerabilities reflects the software’s pervasive deployment and the rigorous scrutiny applied to its codebase. While ISC maintains an active security response process, the sheer number of disclosed issues highlights the inherent complexity of maintaining foundational internet protocols. Continuous updates remain essential for administrators relying on these tools to ensure network stability and integrity against evolving threat landscapes.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-4236 | named may terminate unexpectedly under high DNS-over-TLS query load — BIND 9 | 7.5 | High | 2023-09-20 |
| CVE-2023-3341 | A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly — BIND 9 | 7.5 | High | 2023-09-20 |
| CVE-2023-2911 | Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 — BIND 9 | 7.5 | High | 2023-06-21 |
| CVE-2023-2829 | Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled — BIND 9 | 7.5 | High | 2023-06-21 |
| CVE-2023-2828 | named's configured cache size limit can be significantly exceeded — BIND 9 | 7.5 | High | 2023-06-21 |
| CVE-2022-3924 | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota — BIND 9 | 7.5 | High | 2023-01-25 |
| CVE-2022-3736 | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries — BIND 9 | 7.5 | High | 2023-01-25 |
| CVE-2022-3488 | named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries — BIND 9 | 7.5 | High | 2023-01-25 |
| CVE-2022-3094 | An UPDATE message flood may cause named to exhaust all available memory — BIND 9 | 7.5 | High | 2023-01-25 |
| CVE-2022-2929 | DHCP memory leak — ISC DHCP | 6.5 | Medium | 2022-10-07 |
| CVE-2022-2928 | An option refcount overflow exists in dhcpd — ISC DHCP | 6.5 | Medium | 2022-10-07 |
| CVE-2022-3080 | BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly — BIND9 | 7.5 | High | 2022-09-21 |
| CVE-2022-38178 | Memory leaks in EdDSA DNSSEC verification code — BIND9 | 7.5 | High | 2022-09-21 |
| CVE-2022-38177 | Memory leak in ECDSA DNSSEC verification code — BIND9 | 7.5 | High | 2022-09-21 |
| CVE-2022-2881 | Buffer overread in statistics channel code — BIND9 | 5.5 | Medium | 2022-09-21 |
| CVE-2022-2906 | Memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only) — BIND9 | 7.5 | High | 2022-09-21 |
| CVE-2022-2795 | Processing large delegations may severely degrade resolver performance — BIND9 | 5.3 | Medium | 2022-09-21 |
| CVE-2022-1183 | Destroying a TLS session early causes assertion failure — BIND9 | 7.5 | High | 2022-05-19 |
| CVE-2021-25220 | DNS forwarders - cache poisoning vulnerability — BIND | 6.8 | Medium | 2022-03-23 |
| CVE-2022-0635 | ISC BIND security vulnerability — BIND | 7.5 | High | 2022-03-23 |
| CVE-2022-0396 | DoS from specifically crafted TCP packets — BIND | 5.3 | Medium | 2022-03-23 |
| CVE-2022-0667 | Assertion failure on delayed DS lookup — BIND | 7.5 | High | 2022-03-22 |
| CVE-2021-25219 | Lame cache can be abused to severely degrade resolver performance — BIND9 | 5.3 | Medium | 2021-10-27 |
| CVE-2021-25218 | A too-strict assertion check could be triggered when responses in BIND 9.16.19 and 9.17.16 require UDP fragmentation if RRL is in use — BIND9 | 7.5 | High | 2021-08-18 |
| CVE-2021-25217 | A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient — ISC DHCP | 7.4 | High | 2021-05-26 |
| CVE-2021-25215 | An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself — BIND9 | 7.5 | High | 2021-04-29 |
| CVE-2021-25216 | A second vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack — BIND9 | 8.1 | High | 2021-04-29 |
| CVE-2021-25214 | A broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly — BIND9 | 6.5 | Medium | 2021-04-29 |
| CVE-2020-8625 | A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack — BIND9 | 8.1 | High | 2021-02-17 |
| CVE-2020-8623 | A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c — BIND9 | 7.5 | High | 2020-08-21 |

This page lists every published CVE security advisory associated with ISC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.