Known Vulnerabilities for products from ISC
Listed below are 20 of the newest known vulnerabilities associated with the vendor "ISC".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-4236 json | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion f... | 7.5 - HIGH | 2023-09-20 | 2024-02-01 |
| CVE-2023-3341 json | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. R... | 7.5 - HIGH | 2023-09-20 | 2024-01-31 |
| CVE-2023-2911 json | If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-a... | 7.5 - HIGH | 2023-06-21 | 2023-07-03 |
| CVE-2023-2829 json | A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Ca... | 7.5 - HIGH | 2023-06-21 | 2023-07-03 |
| CVE-2023-2828 json | Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the quer... | 7.5 - HIGH | 2023-06-21 | 2023-07-21 |
| CVE-2022-38178 json | By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory ... | 7.5 - HIGH | 2022-09-21 | 2023-11-07 |
| CVE-2022-38177 json | By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory ... | 7.5 - HIGH | 2022-09-21 | 2023-11-07 |
| CVE-2022-3924 json | This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-... | 7.5 - HIGH | 2023-01-26 | 2023-11-07 |
| CVE-2022-3736 json | BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a po... | 7.5 - HIGH | 2023-01-26 | 2023-11-07 |
| CVE-2022-3488 json | Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is b... | 7.5 - HIGH | 2023-01-26 | 2023-11-07 |
| CVE-2022-3094 json | Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named... | 7.5 - HIGH | 2023-01-26 | 2023-11-07 |
| CVE-2022-3080 json | By sending specific queries to the resolver, an attacker can cause named to crash. | 7.5 - HIGH | 2022-09-21 | 2023-11-07 |
| CVE-2022-2929 json | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets c... | 6.5 - MEDIUM | 2022-10-07 | 2023-11-07 |
| CVE-2022-2928 json | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from... | 6.5 - MEDIUM | 2022-10-07 | 2023-11-07 |
| CVE-2022-2906 json | An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources... | 7.5 - HIGH | 2022-09-21 | 2022-12-03 |
| CVE-2022-2881 json | The underlying bug might cause read past end of the buffer and either read memory it should not read, or crash the process. | 8.2 - HIGH | 2022-09-21 | 2022-11-16 |
| CVE-2022-2795 json | By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's perform... | 5.3 - MEDIUM | 2022-09-21 | 2023-11-07 |
| CVE-2022-1183 json | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable co... | 7.5 - HIGH | 2022-05-19 | 2022-10-07 |
| CVE-2022-0667 json | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | 7.5 - HIGH | 2022-03-22 | 2023-11-09 |
| CVE-2022-0635 json | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process wi... | 7.5 - HIGH | 2022-03-23 | 2023-11-09 |
Known software with vulnerabilities from ISC
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Isc | Bind | - |
| Application | Isc | Dhcp | 3.0 |
| Application | Isc | Dhcpd | - |
| Application | Isc | Dhcp Client | - |
| Application | Isc | Dnsco Bind | 9.9.3 |
| Application | Isc | Inn | - |
| Application | Isc | Kea | 0.9.2 |