ISC BIND 9.10.0
Approved changes feed: RSS · Atom
cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*
part: a version: 9.10.0 update: *
| Vendor | Isc (4a2f2b37-98b6-5702-822d-72afcd17d050) |
|---|---|
| Product | Bind (ea404969-e27c-5a4f-ab6f-da9eff8fdf08) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.769741 |
pkg:gitlab/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.769742 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-3135 |
vulnerable | 2026-06-03 14:37:09.585635 |
Combination of DNS64 and RPZ Can Lead to Crash
HIGH (7.5)
Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
Published: 2019-01-16T20:00:00.000Z
Updated: 2024-09-16T17:53:49.488Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-9444 |
vulnerable | 2026-06-03 14:36:16.713216 |
Details available
named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer.
Published: 2017-01-12T06:06:00.000Z
Updated: 2024-08-06T02:50:38.365Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2776 |
vulnerable | 2026-06-03 14:35:43.660628 |
Details available
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Published: 2016-09-28T10:00:00.000Z
Updated: 2024-08-05T23:32:20.918Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-2088 |
vulnerable | 2026-06-03 14:35:36.636470 |
Details available
resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option.
Published: 2016-03-09T23:00:00.000Z
Updated: 2024-08-05T23:17:50.701Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8461 |
vulnerable | 2026-06-03 14:35:12.004367 |
Details available
Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.
Published: 2015-12-16T15:00:00.000Z
Updated: 2024-08-06T08:20:41.759Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8000 |
vulnerable | 2026-06-03 14:35:10.828574 |
Details available
db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.
Published: 2015-12-16T15:00:00.000Z
Updated: 2024-08-06T08:06:31.443Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-4620 |
vulnerable | 2026-06-03 14:34:52.340829 |
Details available
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
Published: 2015-07-08T14:00:00.000Z
Updated: 2024-08-06T06:18:12.213Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-1349 |
vulnerable | 2026-06-03 14:34:39.255217 |
Details available
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use.
Published: 2015-02-19T02:00:00.000Z
Updated: 2024-08-06T04:40:18.567Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-8680 |
vulnerable | 2026-06-03 14:34:24.982847 |
Details available
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Published: 2014-12-11T02:00:00.000Z
Updated: 2024-08-06T13:26:02.333Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-8500 |
vulnerable | 2026-06-03 14:34:24.170170 |
Details available
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Published: 2014-12-11T02:00:00.000Z
Updated: 2024-08-06T13:18:48.302Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-3859 |
vulnerable | 2026-06-03 14:34:01.644313 |
Details available
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
Published: 2014-06-13T10:00:00.000Z
Updated: 2024-08-06T10:57:17.637Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-3214 |
vulnerable | 2026-06-03 14:33:53.759643 |
Details available
The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes.
Published: 2014-05-09T01:00:00.000Z
Updated: 2024-08-06T10:35:57.075Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-0382 |
vulnerable | 2026-06-03 14:30:08.533062 |
Details available
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Published: 2010-01-22T21:20:00.000Z
Updated: 2024-08-07T00:45:12.225Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2010-0290 |
vulnerable | 2026-06-03 14:30:08.081555 |
Details available
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022.
Published: 2010-01-22T21:20:00.000Z
Updated: 2024-08-07T00:45:11.627Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.