Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 48 results


CVE-2023-4408

Medium priority

Some fixes available 5 of 14

The DNS message parsing code in `named` includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Needs evaluation Ignored
bind9-libs Not in release Needs evaluation Needs evaluation Not in release Not in release
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-4236

Medium priority

Some fixes available 5 of 6

A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-3341

Medium priority

Some fixes available 9 of 10

The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
isc-dhcp Not affected Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-2829

Medium priority
Not affected

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Not affected Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-2911

Medium priority

Some fixes available 7 of 10

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Not affected Not affected
bind9-libs Not in release Not affected Not affected Not in release Not in release
isc-dhcp Not affected Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2023-2828

Medium priority

Some fixes available 10 of 18

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can...

3 affected packages

bind9, bind9-libs, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Fixed Fixed Fixed
bind9-libs Not in release Needs evaluation Needs evaluation Not in release Not in release
isc-dhcp Needs evaluation Not affected Not affected Needs evaluation Not affected
Show less packages

CVE-2022-3488

Medium priority
Not affected

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Not affected Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-3924

Medium priority
Fixed

This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-3736

Medium priority
Fixed

BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12...

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Not affected Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-3094

Medium priority
Fixed

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited....

2 affected packages

bind9, isc-dhcp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
bind9 Fixed Fixed Not affected Not affected
isc-dhcp Not affected Not affected Not affected Not affected
Show less packages