ISC — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting ISC. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ISC (Internet Systems Consortium) is primarily known for software including the BIND DNS and DHCP servers, which serve as critical infrastructure for global name resolution and network configuration. With 101 recorded CVEs, the project has historically faced diverse security challenges, ranging from remote code execution and buffer overflows to cross-site scripting and privilege escalation vulnerabilities. These flaws often stem from complex parsing logic or improper input validation within the core networking daemons. Notable incidents include critical DNS cache poisoning risks and denial-of-service vectors that have prompted urgent patches across major distributions. The high volume of vulnerabilities reflects the software’s pervasive deployment and the rigorous scrutiny applied to its codebase. While ISC maintains an active security response process, the sheer number of disclosed issues highlights the inherent complexity of maintaining foundational internet protocols. Continuous updates remain essential for administrators who rely on these tools to keep their networks stable and intact against evolving threats.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-3591 | A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass — BIND 9 | CWE-562 | 5.4 | Medium | 2026-03-25 |
| CVE-2026-3119 | Authenticated query containing a TKEY record may cause named to terminate unexpectedly — BIND 9 | CWE-617 | 6.5 | Medium | 2026-03-25 |
| CVE-2026-3104 | Memory leak in code preparing DNSSEC proofs of non-existence — BIND 9 | CWE-772 | 7.5 | High | 2026-03-25 |
| CVE-2026-1519 | Excessive NSEC3 iterations cause high CPU load during insecure delegation validation — BIND 9 | CWE-606 | 7.5 | High | 2026-03-25 |
| CVE-2025-13878 | Malformed BRID/HHIT records can cause named to terminate unexpectedly — BIND 9 | CWE-617 | 7.5 | High | 2026-01-21 |
| CVE-2025-40780 | Cache poisoning due to weak PRNG — BIND 9 | CWE-341 | 8.6 | High | 2025-10-22 |
| CVE-2025-40778 | Cache poisoning attacks with unsolicited RRs — BIND 9 | CWE-349 | 8.6 | High | 2025-10-22 |
| CVE-2025-8677 | Resource exhaustion via malformed DNSKEY handling — BIND 9 | CWE-405 | 7.5 | High | 2025-10-22 |
| CVE-2025-40777 | A possible assertion failure when 'stale-answer-client-timeout' is set to '0' — BIND 9 | CWE-617 | 7.5 | High | 2025-07-16 |
| CVE-2025-40776 | Birthday Attack against Resolvers supporting ECS — BIND 9 | CWE-349 | 8.6 | High | 2025-07-16 |
| CVE-2025-40775 | DNS message with invalid TSIG causes an assertion failure — BIND 9 | CWE-232 | 7.5 | High | 2025-05-21 |
| CVE-2024-12705 | DNS-over-HTTPS implementation suffers from multiple issues under heavy query load — BIND 9 | CWE-770 | 7.5 | High | 2025-01-29 |
| CVE-2024-11187 | Many records in the additional section cause CPU exhaustion — BIND 9 | CWE-405 | 7.5 | High | 2025-01-29 |
| CVE-2024-4076 | Assertion failure when serving both stale cache data and authoritative zone content — BIND 9 | | 7.5 | High | 2024-07-23 |
| CVE-2024-1975 | SIG(0) can be used to exhaust CPU resources — BIND 9 | | 7.5 | High | 2024-07-23 |
| CVE-2024-1737 | BIND's database will be slow if a very large number of RRs exist at the same name — BIND 9 | | 7.5 | High | 2024-07-23 |
| CVE-2024-0760 | A flood of DNS messages over TCP may make the server unstable — BIND 9 | | 7.5 | High | 2024-07-23 |
| CVE-2023-6516 | Specific recursive query patterns may lead to an out-of-memory condition — BIND 9 | | 7.5 | High | 2024-02-13 |
| CVE-2023-5680 | Cleaning an ECS-enabled cache may cause excessive CPU load — BIND 9 | | 5.3 | Medium | 2024-02-13 |
| CVE-2023-5679 | Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution — BIND 9 | | 7.5 | High | 2024-02-13 |
| CVE-2023-5517 | Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled — BIND 9 | | 7.5 | High | 2024-02-13 |
| CVE-2023-4408 | Parsing large DNS messages may cause excessive CPU load — BIND 9 | | 7.5 | High | 2024-02-13 |
| CVE-2023-4236 | named may terminate unexpectedly under high DNS-over-TLS query load — BIND 9 | | 7.5 | High | 2023-09-20 |
| CVE-2023-3341 | A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly — BIND 9 | | 7.5 | High | 2023-09-20 |
| CVE-2023-2911 | Exceeding the recursive-clients quota may cause named to terminate unexpectedly when stale-answer-client-timeout is set to 0 — BIND 9 | | 7.5 | High | 2023-06-21 |
| CVE-2023-2829 | Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled — BIND 9 | | 7.5 | High | 2023-06-21 |
| CVE-2023-2828 | named's configured cache size limit can be significantly exceeded — BIND 9 | | 7.5 | High | 2023-06-21 |
| CVE-2022-3924 | named configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota — BIND 9 | | 7.5 | High | 2023-01-25 |
| CVE-2022-3736 | named configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries — BIND 9 | | 7.5 | High | 2023-01-25 |
| CVE-2022-3488 | named may terminate unexpectedly when processing ECS options in repeated responses to iterative queries — BIND 9 | | 7.5 | High | 2023-01-25 |

This page lists every published CVE security advisory associated with ISC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.