GCVE - cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.18.0:*:*:*:-:*:*:*

part: a version: 9.18.0 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	-
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.890641
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.890643

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-1975`	vulnerable	2026-06-03 14:54:35.114203	SIG(0) can be used to exhaust CPU resources HIGH (7.5) If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1. Published: 2024-07-23T14:38:57.143Z Updated: 2025-02-13T17:32:28.908Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2024-1975 http://www.openwall.com/lists/oss-security/2024/07/23/1 http://www.openwall.com/lists/oss-security/2024/07/31/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1737`	vulnerable	2026-06-03 14:54:34.451133	BIND's database will be slow if a very large number of RRs exist at the same name HIGH (7.5) Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1. Published: 2024-07-23T14:34:09.750Z Updated: 2025-02-13T17:32:25.755Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2024-1737 https://kb.isc.org/docs/rrset-limits-in-zones http://www.openwall.com/lists/oss-security/2024/07/23/1 http://www.openwall.com/lists/oss-security/2024/07/31/2	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3080`	vulnerable	2026-06-03 14:47:51.974675	BIND 9 resolvers configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly HIGH (7.5) By sending specific queries to the resolver, an attacker can cause named to crash. Published: 2022-09-21T10:15:29.861Z Updated: 2024-09-17T01:56:40.440Z Open on db.gcve.eu Reference links https://kb.isc.org/docs/cve-2022-3080 http://www.openwall.com/lists/oss-security/2022/09/21/3 https://www.debian.org/security/2022/dsa-5235 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-0635`	vulnerable	2026-06-03 14:45:56.520986	Details available HIGH (7.5) Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. Published: 2022-03-23T11:55:10.058Z Updated: 2024-09-17T02:21:44.299Z Open on db.gcve.eu Reference links https://kb.isc.org/v1/docs/cve-2022-0635 https://security.netapp.com/advisory/ntap-20220408-0001/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.