GCVE - cpe:2.3:a:isc:bind:9.4:*:*:*:esv:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.4:*:*:*:esv:*:*:*

part: a version: 9.4 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	esv
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.033880
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.033881

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9444`	vulnerable	2026-06-03 14:36:16.626193	Details available named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Published: 2017-01-12T06:06:00.000Z Updated: 2024-08-06T02:50:38.365Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://security.gentoo.org/glsa/201708-01 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.netapp.com/advisory/ntap-20180926-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-5166`	vulnerable	2026-06-03 14:32:27.834426	Details available ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. Published: 2012-10-10T21:00:00.000Z Updated: 2024-08-06T20:58:03.101Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.ibm.com/support/docview.wss?uid=isg1IV30365 http://www.ibm.com/support/docview.wss?uid=isg1IV30185 http://rhn.redhat.com/errata/RHSA-2012-1363.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4244`	vulnerable	2026-06-03 14:32:18.061836	Details available ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. Published: 2012-09-14T00:00:00.000Z Updated: 2024-08-06T20:28:07.596Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2547 http://www.ubuntu.com/usn/USN-1566-1 http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/51096	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1667`	vulnerable	2026-06-03 14:31:44.004035	Details available ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. Published: 2012-06-05T16:00:00.000Z Updated: 2024-08-06T19:01:02.980Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2012:089 http://www.securityfocus.com/bid/53772 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 http://secunia.com/advisories/51096 http://www.kb.cert.org/vuls/id/381699	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-4313`	vulnerable	2026-06-03 14:31:23.921484	Details available query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver. Published: 2011-11-29T17:00:00.000Z Updated: 2024-08-07T00:01:51.597Z Open on db.gcve.eu Reference links http://marc.info/?l=bugtraq&m=133978480208466&w=2 http://www.redhat.com/support/errata/RHSA-2011-1459.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14343 http://marc.info/?l=bugtraq&m=141879471518471&w=2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1910`	vulnerable	2026-06-03 14:31:04.461749	Details available Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Published: 2011-05-31T20:00:00.000Z Updated: 2024-08-06T22:46:00.521Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/795694 http://www.mandriva.com/security/advisories?name=MDVSA-2011:104 https://bugzilla.redhat.com/show_bug.cgi?id=708301 http://secunia.com/advisories/44677 http://www.securityfocus.com/bid/48007	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3614`	vulnerable	2026-06-03 14:30:32.323831	Details available named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV before 9.4-ESV-R4, and 9.6-ESV before 9.6-ESV-R3 does not properly determine the security status of an NS RRset during a DNSKEY algorithm rollover, which might allow remote attackers to cause a denial of service (DNSSEC validation error) by triggering a rollover. Published: 2010-12-03T20:00:00.000Z Updated: 2024-08-07T03:18:52.898Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2010/3139 http://www.isc.org/announcement/guidance-regarding-dec-1st-2010-security-advisories http://www.mandriva.com/security/advisories?name=MDVSA-2010:253 http://securitytracker.com/id?1024817 http://secunia.com/advisories/42459	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0097`	vulnerable	2026-06-03 14:30:01.993730	Details available ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:37:53.920Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2010/0176 http://www.osvdb.org/61853 https://rhn.redhat.com/errata/RHSA-2010-0062.html http://www.securityfocus.com/bid/37865 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7212	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.