The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Max CVSS
5.4
EPSS Score
0.90%
Published
2014-12-11
Updated
2019-07-30
BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.
Max CVSS
6.8
EPSS Score
1.86%
Published
2009-01-07
Updated
2018-10-11
2 vulnerabilities found