ISC BIND 9.10.5 S1
Approved changes feed: RSS · Atom
cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*
part: a version: 9.10.5 update: s1
| Vendor | Isc (4a2f2b37-98b6-5702-822d-72afcd17d050) |
|---|---|
| Product | Bind (ea404969-e27c-5a4f-ab6f-da9eff8fdf08) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.814557 |
pkg:gitlab/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.814559 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-5734 |
vulnerable | 2026-06-03 14:38:58.423544 |
A malformed request can trigger an assertion failure in badcache.c
HIGH (7.5)
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of the expected information. Affects BIND 9.10.5-S1 to 9.10.5-S4, 9.10.6-S1, 9.10.6-S2.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-17T02:31:46.321Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-3145 |
vulnerable | 2026-06-03 14:37:09.676494 |
Improper fetch cleanup sequencing in the resolver can cause named to crash
HIGH (7.5)
BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-17T00:10:46.349Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-3143 |
vulnerable | 2026-06-03 14:37:09.647188 |
An error in TSIG authentication can permit unauthorized dynamic updates
HIGH (7.5)
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-16T16:14:21.796Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-3142 |
vulnerable | 2026-06-03 14:37:09.644817 |
An error in TSIG authentication can permit unauthorized zone transfers
MEDIUM (5.3)
An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-16T17:08:46.835Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-3140 |
vulnerable | 2026-06-03 14:37:09.639816 |
An error processing RPZ rules can cause named to loop endlessly after handling a query
LOW (3.7)
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-17T04:10:30.985Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.