GCVE - cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*

part: a version: 9.9.10 update: s2

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.177644
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:11.177646

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-3143`	vulnerable	2026-06-03 14:37:09.647148	An error in TSIG authentication can permit unauthorized dynamic updates HIGH (7.5) An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Published: 2019-01-16T20:00:00.000Z Updated: 2024-09-16T16:14:21.796Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/aa-01503 https://access.redhat.com/errata/RHSA-2017:1680 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us https://access.redhat.com/errata/RHSA-2017:1679 http://www.securitytracker.com/id/1038809	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-3142`	vulnerable	2026-06-03 14:37:09.644191	An error in TSIG authentication can permit unauthorized zone transfers MEDIUM (5.3) An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2. Published: 2019-01-16T20:00:00.000Z Updated: 2024-09-16T17:08:46.835Z Open on db.gcve.eu Reference links https://access.redhat.com/errata/RHSA-2017:1680 https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us https://access.redhat.com/errata/RHSA-2017:1679 http://www.securityfocus.com/bid/99339 http://www.securitytracker.com/id/1038809	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.