GCVE - cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:8:*:*:*:*:*:*:*

part: a version: 8 update: *

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769413
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769414

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2008-1447`	vulnerable	2026-06-03 14:28:40.756577	Details available The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." Published: 2008-07-08T23:00:00.000Z Updated: 2024-08-07T08:24:42.012Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id?1020438 https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00402.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://www.kb.cert.org/vuls/id/800113 http://secunia.com/advisories/31137	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2006-0527`	vulnerable	2026-06-03 14:27:21.473694	Details available BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. Published: 2006-02-02T11:00:00.000Z Updated: 2024-08-07T16:41:27.647Z Open on db.gcve.eu Reference links http://computerworld.com/networkingtopics/networking/story/0%2C10801%2C103744%2C00.html http://www.osvdb.org/22888 http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00595837 http://www.vupen.com/english/advisories/2006/0399 http://securitytracker.com/id?1015606	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-0011`	vulnerable	2026-06-03 14:25:40.737873	Details available Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. Published: 1999-09-29T04:00:00.000Z Updated: 2025-04-09T18:29:26.012Z Open on db.gcve.eu Reference links ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-1999-0010`	vulnerable	2026-06-03 14:25:40.733381	Details available Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. Published: 1999-09-29T04:00:00.000Z Updated: 2024-08-01T16:27:56.711Z Open on db.gcve.eu Reference links ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.