
ISC — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting ISC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ISC (Internet Systems Consortium), primarily known for its BIND DNS and DHCP server software, provides critical infrastructure for global name resolution and network configuration. With 101 recorded CVEs, the project has historically faced diverse security challenges, ranging from remote code execution and buffer overflows to cross-site scripting and privilege escalation vulnerabilities. These flaws often stem from complex parsing logic or improper input validation within the core networking daemons. Notable incidents include critical DNS cache poisoning risks and denial-of-service vectors that have prompted urgent patches across major distributions. The high volume of vulnerabilities reflects the software’s pervasive deployment and the rigorous scrutiny applied to its codebase. While ISC maintains an active security response process, the sheer number of disclosed issues highlights the inherent complexity of maintaining foundational internet protocols. Continuous updates remain essential for administrators relying on these tools to ensure network stability and integrity against evolving threat landscapes.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2020-8624 | update-policy rules of type "subdomain" are enforced incorrectly — BIND9 | 4.3 | Medium | 2020-08-21 |
| CVE-2020-8620 | Internet Systems Consortium BIND server security vulnerability — BIND9 | 7.5 | High | 2020-08-21 |
| CVE-2020-8621 | Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c — BIND9 | 7.5 | High | 2020-08-21 |
| CVE-2020-8622 | A truncated TSIG response can lead to an assertion failure — BIND9 | 6.5 | Medium | 2020-08-21 |
| CVE-2020-8619 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer — BIND9 | 4.9 | Medium | 2020-06-17 |
| CVE-2020-8618 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer — BIND9 | 4.9 | Medium | 2020-06-17 |
| CVE-2020-8616 | BIND does not sufficiently limit the number of fetches performed when processing referrals — BIND9 | 8.6 | High | 2020-05-19 |
| CVE-2020-8617 | A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c — BIND9 | 7.5 | High | 2020-05-19 |
| CVE-2019-6477 | TCP-pipelined queries can bypass tcp-clients limit — BIND9 | 7.5 | High | 2019-11-26 |
| CVE-2019-6476 | An error in QNAME minimization code can cause BIND to exit with an assertion failure — BIND 9 | 5.9 | Medium | 2019-10-17 |
| CVE-2019-6475 | A flaw in mirror zone validity checking can allow zone data to be spoofed — BIND 9 | 5.9 | Medium | 2019-10-17 |
| CVE-2019-6472 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate — Kea | 6.5 | Medium | 2019-10-16 |
| CVE-2019-6473 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate — Kea | 6.5 | Medium | 2019-10-16 |
| CVE-2019-6474 | A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate — Kea | 5.7 | Medium | 2019-10-16 |
| CVE-2019-6469 | BIND Supported Preview Edition can exit with an assertion failure if ECS is in use — BIND 9 Supported Preview Edition | 7.5 | - | 2019-10-09 |
| CVE-2019-6471 | A race condition when discarding malformed packets can cause BIND to exit with an assertion failure — BIND 9 | 5.9 | - | 2019-10-09 |
| CVE-2018-5732 | A specially constructed response from a malicious server can cause a buffer overflow in dhclient — ISC DHCP | 7.5 | - | 2019-10-09 |
| CVE-2018-5743 | Limiting simultaneous TCP clients was ineffective — BIND 9 | - | - | 2019-10-09 |
| CVE-2018-5744 | A specially crafted packet can cause named to leak memory — BIND 9 | 7.5 | - | 2019-10-09 |
| CVE-2018-5745 | An assertion failure can occur if a trust anchor rolls over to an unsupported key algorithm when using managed-keys — BIND 9 | 4.9 | - | 2019-10-09 |
| CVE-2019-6465 | Zone transfer controls for writable DLZ zones were not effective — BIND 9 | 5.3 | - | 2019-10-09 |
| CVE-2019-6467 | An error in the nxdomain redirect feature can cause BIND to exit with an INSIST assertion failure in query.c — BIND 9 | 5.9 | - | 2019-10-09 |
| CVE-2019-6468 | BIND Supported Preview Edition can exit with an assertion failure if nxdomain-redirect is used — BIND 9 Supported Preview Edition | 7.5 | - | 2019-10-09 |
| CVE-2016-9778 | An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c — BIND 9 | 5.9 | - | 2019-01-16 |
| CVE-2017-3135 | Combination of DNS64 and RPZ Can Lead to Crash — BIND 9 | 5.9 | - | 2019-01-16 |
| CVE-2017-3136 | An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;" — BIND 9 | 5.9 | - | 2019-01-16 |
| CVE-2017-3137 | A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME — BIND 9 | 7.5 | - | 2019-01-16 |
| CVE-2017-3138 | named exits with a REQUIRE assertion failure if it receives a null command string on its control channel — BIND 9 | 5.3 | - | 2019-01-16 |
| CVE-2017-3140 | An error processing RPZ rules can cause named to loop endlessly after handling a query — BIND 9 | 7.5 | - | 2019-01-16 |
| CVE-2017-3141 | Windows service and uninstall paths are not quoted when BIND is installed — BIND 9 | 7.8 | - | 2019-01-16 |

This page lists every published CVE security advisory associated with ISC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.