Search CVE reports
11 – 20 of 150 results
CVE-2023-50868
Medium prioritySome fixes available 20 of 42
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random...
7 affected packages
bind9, bind9-libs, dnsmasq, isc-dhcp, knot-resolver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| dnsmasq | Fixed | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
| knot-resolver | Vulnerable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pdns-recursor | Vulnerable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| unbound | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-50387
Medium prioritySome fixes available 20 of 42
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of...
7 affected packages
bind9, bind9-libs, dnsmasq, isc-dhcp, knot-resolver...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| dnsmasq | Fixed | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
| knot-resolver | Vulnerable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| pdns-recursor | Vulnerable | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| unbound | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-4408
Medium prioritySome fixes available 5 of 14
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Needs evaluation | Ignored |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-4236
Medium prioritySome fixes available 5 of 6
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-3341
Medium prioritySome fixes available 9 of 10
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-2829
Medium priorityA `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-2911
Medium prioritySome fixes available 7 of 10
If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Not affected | Not affected |
| bind9-libs | Not in release | Not affected | Not affected | Not in release | Not in release |
| isc-dhcp | Not affected | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2023-2828
Medium prioritySome fixes available 10 of 18
Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can...
3 affected packages
bind9, bind9-libs, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | Fixed | Fixed | Fixed | Fixed | Fixed |
| bind9-libs | Not in release | Needs evaluation | Needs evaluation | Not in release | Not in release |
| isc-dhcp | Needs evaluation | Not affected | Not affected | Needs evaluation | Not affected |
CVE-2022-3488
Medium priorityProcessing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Not affected | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3924
Medium priorityThis issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require...
2 affected packages
bind9, isc-dhcp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bind9 | — | Fixed | Not affected | Not affected | Not affected |
| isc-dhcp | — | Not affected | Not affected | Not affected | Not affected |