BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
CVSS Score
5.0
EPSS Score
0.037
Published
2002-11-29
Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.
CVSS Score
7.5
EPSS Score
0.035
Published
2002-08-12
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
CVSS Score
7.5
EPSS Score
0.054
Published
2002-07-03
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
CVSS Score
5.0
EPSS Score
0.277
Published
2002-06-18
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
CVSS Score
7.8
EPSS Score
0.001
Published
2001-07-21
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.454
Published
2001-02-12
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.071
Published
2001-02-12
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
CVSS Score
5.0
EPSS Score
0.2
Published
2001-02-12
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
CVSS Score
10.0
EPSS Score
0.093
Published
2001-02-12
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
CVSS Score
5.0
EPSS Score
0.173
Published
2000-12-19