GCVE - cpe:2.3:a:isc:bind:9.4.3:p1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.4.3:p1:*:*:*:*:*:*

part: a version: 9.4.3 update: p1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.033838
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.033840

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9444`	vulnerable	2026-06-03 14:36:16.642908	Details available named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Published: 2017-01-12T06:06:00.000Z Updated: 2024-08-06T02:50:38.365Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://security.gentoo.org/glsa/201708-01 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.netapp.com/advisory/ntap-20180926-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-5166`	vulnerable	2026-06-03 14:32:27.851235	Details available ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. Published: 2012-10-10T21:00:00.000Z Updated: 2024-08-06T20:58:03.101Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.ibm.com/support/docview.wss?uid=isg1IV30365 http://www.ibm.com/support/docview.wss?uid=isg1IV30185 http://rhn.redhat.com/errata/RHSA-2012-1363.html http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4244`	vulnerable	2026-06-03 14:32:18.082709	Details available ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. Published: 2012-09-14T00:00:00.000Z Updated: 2024-08-06T20:28:07.596Z Open on db.gcve.eu Reference links http://www.debian.org/security/2012/dsa-2547 http://www.ubuntu.com/usn/USN-1566-1 http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://marc.info/?l=bugtraq&m=141879471518471&w=2 http://secunia.com/advisories/51096	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-1667`	vulnerable	2026-06-03 14:31:44.019368	Details available ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. Published: 2012-06-05T16:00:00.000Z Updated: 2024-08-06T19:01:02.980Z Open on db.gcve.eu Reference links http://www.mandriva.com/security/advisories?name=MDVSA-2012:089 http://www.securityfocus.com/bid/53772 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 http://secunia.com/advisories/51096 http://www.kb.cert.org/vuls/id/381699	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1910`	vulnerable	2026-06-03 14:31:04.478126	Details available Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Published: 2011-05-31T20:00:00.000Z Updated: 2024-08-06T22:46:00.521Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/795694 http://www.mandriva.com/security/advisories?name=MDVSA-2011:104 https://bugzilla.redhat.com/show_bug.cgi?id=708301 http://secunia.com/advisories/44677 http://www.securityfocus.com/bid/48007	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0382`	vulnerable	2026-06-03 14:30:08.532752	Details available ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:45:12.225Z Open on db.gcve.eu Reference links https://www.isc.org/advisories/CVE-2009-4022v6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7086 http://www.vupen.com/english/advisories/2010/1352 http://secunia.com/advisories/40086 http://www.vupen.com/english/advisories/2010/0622	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0290`	vulnerable	2026-06-03 14:30:08.072278	Details available Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:45:11.627Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=557121 http://www.vupen.com/english/advisories/2010/0176 https://rhn.redhat.com/errata/RHSA-2010-0062.html http://marc.info/?l=oss-security&m=126393609503704&w=2 https://www.isc.org/advisories/CVE-2009-4022v6	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-4022`	vulnerable	2026-06-03 14:29:55.559548	Details available Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional section with crafted data, which is not properly handled when the response is processed "at the same time as requesting DNSSEC records (DO)," aka Bug 20438. Published: 2009-11-25T16:00:00.000Z Updated: 2024-08-07T06:45:50.986Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7261 http://secunia.com/advisories/40730 http://secunia.com/advisories/37426 http://aix.software.ibm.com/aix/efixes/security/bind9_advisory.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10821	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.