Security Vulnerabilities

If you suspect you have found a security defect in BIND or DHCP, or if you wish to inquire about a security issue you have learned about that has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer by selecting the appropriate option from the pull-down menu on the Bug Report Form.

Alternatively, you can email us at security-officer@isc.org. However, plain-text email is not a secure channel for communications about undisclosed security issues, so we ask that you encrypt your message to us with the ISC Security Officer public key.

Learn more about ISC's Security Vulnerability Disclosure Policy at https://kb.isc.org/article/AA-00861/0


Reporting a Bug that is NOT a security vulnerability

  • Please report bugs in BIND 9 by opening an issue in our BIND GitLab.
  • Please report bugs in Kea at our Kea Trac instance.
  • You may report DHCP bugs or request features by using the Bug Report Form. If you prefer email, contact us at dhcp-bugs@isc.org.

For a list of security vulnerabilities in BIND 9, see the BIND 9 Vulnerabilities Matrix in ISC's Knowledge Base.

ISC uses the Common Vulnerability Scoring System (CVSS), maintained by FIRST (first.org) and used by NIST's National Vulnerability Database, to determine the severity of potential security issues.

To receive security vulnerability notices by RSS, subscribe to updates from our Knowledge Base at kb.isc.org (ISC Security Vulnerability RSS Feed).

BIND

  • Wed, Jul 04, 2018, BIND Operational Notifications: In versions of BIND released prior to July 2018 (before BIND 9.9.13, 9.10.8, 9.11.4, 9.12.2, and BIND 9.13.1) it is possible for extraordinarily large zone transfers to cause several related problems, with possible outcomes including corrupted journal files or server exit due to assertion… [...]
  • Tue, Jan 16, 2018, BIND Security Advisory: Improper sequencing during cleanup can lead to a use-after-free error, triggering an assertion failure and crash in named. [...]
  • Thu, Sep 28, 2017, BIND Operational Notifications: KSK-2010, the DNSSEC Key Signing Key that has served as the trust anchor for the root DNS zone (.) since it was introduced in 2010, is scheduled to be retired soon. A new key, KSK-2017, has been introduced and operators of validating resolvers should check their servers to ensure… [...]
  • Wed, Jun 14, 2017, BIND Operational Notifications: BIND 9.11.0 and 9.11.1 carry a number of integration problems with LMDB (liblmdb) that will be addressed in BIND 9.11.2. [...]
  • Thu, Jul 07, 2016, BIND Operational Notifications: DNS protocols were designed with the assumption that a certain amount of trust could be presumed between the operators of primary and secondary servers for a given zone. [...]

[Complete List]

Kea

  • Fri, Jun 29, 2018, Kea CVEs: Kea DHCP 1.4.0 may fail to release memory after temporarily storing client network packets. This causes a constant increase in memory consumption that can cause server resources to become exhausted, leading to loss of DHCP server functionality. [...]
  • Mon, Nov 30, 2015, Kea CVEs: ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. [...]

Last modified: March 2, 2018 at 8:51 am