GCVE - cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.16.8:s1:*:*:*:*:*:*

part: a version: 9.16.8 update: s1

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.890573
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.890574

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1975`	vulnerable	2026-06-03 14:54:35.114180	SIG(0) can be used to exhaust CPU resources HIGH (7.5) If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. Published: 2024-07-23T14:38:57.143Z Updated: 2025-02-13T17:32:28.908Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2024-1975 http://www.openwall.com/lists/oss-security/2024/07/23/1 http://www.openwall.com/lists/oss-security/2024/07/31/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1737`	vulnerable	2026-06-03 14:54:34.450055	BIND's database will be slow if a very large number of RRs exist at the same name HIGH (7.5) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. Published: 2024-07-23T14:34:09.750Z Updated: 2025-02-13T17:32:25.755Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2024-1737 https://kb.isc.org/docs/rrset-limits-in-zones http://www.openwall.com/lists/oss-security/2024/07/23/1 http://www.openwall.com/lists/oss-security/2024/07/31/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-2795`	vulnerable	2026-06-03 14:47:07.340782	Processing large delegations may severely degrade resolver performance MEDIUM (5.3) By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service. Published: 2022-09-21T10:15:25.796Z Updated: 2024-11-29T12:04:33.614Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2022-2795 http://www.openwall.com/lists/oss-security/2022/09/21/3 https://www.debian.org/security/2022/dsa-5235 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.