GCVE - cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:4.9.7:*:*:*:*:*:*:*

part: a version: 4.9.7 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769397
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769398

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2002-2213`	vulnerable	2026-06-03 14:26:23.482492	Details available The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. Published: 2006-05-23T16:00:00.000Z Updated: 2024-09-16T21:08:51.276Z Open on db.gcve.eu Reference links http://www.imconf.net/imw-2002/imw2002-papers/198.pdf http://www.kb.cert.org/vuls/id/457875 http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2212`	vulnerable	2026-06-03 14:26:23.472043	Details available The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. Published: 2006-05-23T16:00:00.000Z Updated: 2024-09-16T23:42:25.949Z Open on db.gcve.eu Reference links http://www.imconf.net/imw-2002/imw2002-papers/198.pdf http://www.kb.cert.org/vuls/id/457875 http://www.kb.cert.org/vuls/id/IAFY-5FDT5K http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-2211`	vulnerable	2026-06-03 14:26:23.460186	Details available BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. Published: 2006-05-23T16:00:00.000Z Updated: 2024-08-08T03:51:17.718Z Open on db.gcve.eu Reference links http://secunia.com/advisories/20217 http://www.imconf.net/imw-2002/imw2002-papers/198.pdf http://www.securityfocus.com/archive/1/434523/100/0/threaded http://www.kb.cert.org/vuls/id/IAFY-5FDPYP http://www.kb.cert.org/vuls/id/457875	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-1219`	vulnerable	2026-06-03 14:26:16.128431	Details available Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Published: 2004-09-01T04:00:00.000Z Updated: 2024-08-08T03:19:28.643Z Open on db.gcve.eu Reference links http://www.cert.org/advisories/CA-2002-31.html http://www.isc.org/products/BIND/bind-security.html http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P http://www.securityfocus.com/bid/6160	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2002-0029`	vulnerable	2026-06-03 14:26:13.089388	Details available Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. Published: 2002-11-21T05:00:00.000Z Updated: 2024-08-08T02:35:17.387Z Open on db.gcve.eu Reference links http://www.iss.net/security_center/static/10624.php ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc http://www.cert.org/advisories/CA-2002-31.html http://www.securityfocus.com/bid/6186 http://www.kb.cert.org/vuls/id/844360	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0013`	vulnerable	2026-06-03 14:26:00.804405	Details available Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. Published: 2001-05-07T04:00:00.000Z Updated: 2024-08-08T04:06:54.651Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.nai.com/research/covert/advisories/047.asp http://www.securityfocus.com/bid/2309 http://www.cert.org/advisories/CA-2001-02.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0012`	vulnerable	2026-06-03 14:26:00.803869	Details available BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. Published: 2001-05-07T04:00:00.000Z Updated: 2024-08-08T04:06:54.513Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.debian.org/security/2001/dsa-026 http://www.nai.com/research/covert/advisories/047.asp http://www.cert.org/advisories/CA-2001-02.html http://www.securityfocus.com/bid/2321	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2001-0011`	vulnerable	2026-06-03 14:26:00.803356	Details available Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. Published: 2001-05-07T04:00:00.000Z Updated: 2024-08-08T04:06:55.356Z Open on db.gcve.eu Reference links http://www.redhat.com/support/errata/RHSA-2001-007.html http://www.nai.com/research/covert/advisories/047.asp http://www.securityfocus.com/bid/2307 http://www.cert.org/advisories/CA-2001-02.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-0849`	vulnerable	2026-06-03 14:25:41.632876	Details available Denial of service in BIND named via maxdname. Published: 2000-01-04T05:00:00.000Z Updated: 2024-08-01T16:48:38.123Z Open on db.gcve.eu Reference links ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt http://www.securityfocus.com/bid/788 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.