GCVE - cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*

part: a version: 9.9.9 update: p1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.177896
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.177898

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-3138`	vulnerable	2026-06-03 14:37:09.623422	named exits with a REQUIRE assertion failure if it receives a null command string on its control channel MEDIUM (6.5) named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9. Published: 2019-01-16T20:00:00.000Z Updated: 2024-09-16T22:40:54.323Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038260 http://www.securityfocus.com/bid/97657 https://security.gentoo.org/glsa/201708-01 https://security.netapp.com/advisory/ntap-20180802-0002/ https://www.debian.org/security/2017/dsa-3854	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9444`	vulnerable	2026-06-03 14:36:16.711902	Details available named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Published: 2017-01-12T06:06:00.000Z Updated: 2024-08-06T02:50:38.365Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://security.gentoo.org/glsa/201708-01 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.netapp.com/advisory/ntap-20180926-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9131`	vulnerable	2026-06-03 14:36:15.604613	Details available named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed response to an RTYPE ANY query. Published: 2017-01-12T06:06:00.000Z Updated: 2024-08-06T02:42:10.552Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1037582 https://security.gentoo.org/glsa/201708-01 https://kb.isc.org/article/AA-01439/74/CVE-2016-9131 http://www.securityfocus.com/bid/95386 https://security.netapp.com/advisory/ntap-20180926-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-8864`	vulnerable	2026-06-03 14:36:14.958308	Details available named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. Published: 2016-11-02T17:00:00.000Z Updated: 2024-08-06T02:35:02.198Z Open on db.gcve.eu Reference links https://kb.isc.org/article/AA-01438 http://rhn.redhat.com/errata/RHSA-2016-2871.html http://www.securitytracker.com/id/1037156 https://security.netapp.com/advisory/ntap-20180926-0005/ http://www.debian.org/security/2016/dsa-3703	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6170`	vulnerable	2026-06-03 14:35:57.135162	Details available ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. Published: 2016-07-06T14:00:00.000Z Updated: 2024-08-06T01:22:20.635Z Open on db.gcve.eu Reference links https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015075.html https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015073.html http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.securitytracker.com/id/1036241 https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2775`	vulnerable	2026-06-03 14:35:43.631851	Details available ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. Published: 2016-07-19T22:00:00.000Z Updated: 2024-08-05T23:32:20.813Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ5STNEUHBNEPUHJT7CYEVSMATFYMIX7/ https://kb.isc.org/article/AA-01438 https://access.redhat.com/errata/RHBA-2017:1767 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TT754KDUJTKOASJODJX7FKHCOQ6EC7UX/ http://www.securityfocus.com/bid/92037	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.