ISC BIND 9.11.3 S4 Supported Preview Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:isc:bind:9.11.3:s4:*:*:supported_preview:*:*:*
part: a version: 9.11.3 update: s4
| Vendor | Isc (4a2f2b37-98b6-5702-822d-72afcd17d050) |
|---|---|
| Product | Bind (ea404969-e27c-5a4f-ab6f-da9eff8fdf08) |
| Edition | * |
| Language | * |
| Software edition | supported_preview |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.839747 |
pkg:gitlab/isc-projects/bind9 |
purl2cpe | 2026-06-01 10:15:10.839749 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-5680 |
vulnerable | 2026-06-03 14:53:49.360720 |
Cleaning an ECS-enabled cache may cause excessive CPU load
MEDIUM (5.3)
If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance.
This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
Published: 2024-02-13T14:05:19.783Z
Updated: 2025-03-17T15:04:41.734Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-3341 |
vulnerable | 2026-06-03 14:52:40.520036 |
A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
HIGH (7.5)
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.
This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.
Published: 2023-09-20T12:32:03.073Z
Updated: 2025-12-02T20:15:58.967Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38178 |
vulnerable | 2026-06-03 14:47:49.422373 |
Memory leaks in EdDSA DNSSEC verification code
HIGH (7.5)
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.
Published: 2022-09-21T10:15:29.078Z
Updated: 2025-05-28T15:23:06.572Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.