ISC BIND 9.18.11 S1 Supported Preview Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:isc:bind:9.18.11:s1:*:*:supported_preview:*:*:*
part: a version: 9.18.11 update: s1
| Vendor | Isc (4a2f2b37-98b6-5702-822d-72afcd17d050) |
|---|---|
| Product | Bind (ea404969-e27c-5a4f-ab6f-da9eff8fdf08) |
| Edition | * |
| Language | * |
| Software edition | supported_preview |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.890655 |
pkg:gitlab/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.890656 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-1975 |
vulnerable | 2026-06-03 14:54:35.114225 |
SIG(0) can be used to exhaust CPU resources
HIGH (7.5)
If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.
Published: 2024-07-23T14:38:57.143Z
Updated: 2025-02-13T17:32:28.908Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1737 |
vulnerable | 2026-06-03 14:54:34.452028 |
BIND's database will be slow if a very large number of RRs exist at the same name
HIGH (7.5)
Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Published: 2024-07-23T14:34:09.750Z
Updated: 2025-02-13T17:32:25.755Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5680 |
vulnerable | 2026-06-03 14:53:49.368887 |
Cleaning an ECS-enabled cache may cause excessive CPU load
MEDIUM (5.3)
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Published: 2024-02-13T14:05:19.783Z
Updated: 2025-03-17T15:04:41.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5679 |
vulnerable | 2026-06-03 14:53:49.355963 |
Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution
HIGH (7.5)
A bad interaction between DNS64 and serve-stale may cause `named` to crash with an assertion failure during recursive resolution, when both of these features are enabled.
This issue affects BIND 9 versions 9.16.12 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.12-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Published: 2024-02-13T14:05:06.688Z
Updated: 2025-03-28T23:51:12.042Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-5517 |
vulnerable | 2026-06-03 14:53:48.892636 |
Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled
HIGH (7.5)
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Published: 2024-02-13T14:04:54.389Z
Updated: 2025-02-13T17:25:39.556Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4408 |
vulnerable | 2026-06-03 14:53:27.976030 |
Parsing large DNS messages may cause excessive CPU load
HIGH (7.5)
The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected `named` instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers.
This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Published: 2024-02-13T14:04:17.519Z
Updated: 2025-03-14T16:16:25.564Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-4236 |
vulnerable | 2026-06-03 14:53:27.600865 |
named may terminate unexpectedly under high DNS-over-TLS query load
HIGH (7.5)
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.
This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1.
Published: 2023-09-20T12:32:16.631Z
Updated: 2025-02-13T17:09:18.327Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.