Security Advisory

If you suspect you have found a security defect in BIND or DHCP, or if you wish to inquire about a security issue that you have learned about which has not yet been publicly announced, ISC encourages you to get in touch with our Security Officer by selecting the appropriate pull-down on the Bug Report Form.

Alternatively, you can email us at  However, plain-text e-mail is not a secure choice for communications concerning undisclosed security issues so we ask that you please encrypt your communications to us using the ISC Security Officer public key.

Learn more about Security Vulnerability Disclosure Policy at

Reporting a Bug

  • You may report BIND or DHCP bugs, or request features by using the Bug Report Form.

You may also use email, if you prefer:

  • To report a bug in BIND, other than a security issue, please contact us via
  • To report a bug in ISC DHCP, other than a security issue, please contact us via

For listing of security vulnerabilities about BIND 9, visit ISC’s Knowledge Base’s BIND 9 Vulnerabilities Matrix.

As of Oct, 2010 ISC is now using the CVSS, a program of and NIST, to determine the severity of potential security issues.

To subscribe to our Security Vulnerability RSS feed, please subscribe to updates from our knowledgebase at ISC Security Vulnerability RSS Feed


Although not commonly used, the BIND package contains provisions to allow systems to resolve names using the lightweight resolver protocol, a protocol similar to (but distinct from) the normal DNS protocols. The lightweight resolver protocol can be used either by running the lwresd utility… [...]
Mon, Jul 18, 2016
Source: BIND Security Advisory

[Complete List]


CVE: [...]
Tue, Jan 12, 2016
Source: DHCP Security Advisory
A memory exhaustion bug has been discovered in libdns, which is used by ISC DHCP 4.2. Theoretically this could be exploited to cause memory exhaustion in ISC DHCP 4.2. [...]
Mon, Mar 18, 2013
Source: DHCP Security Advisory
Title: Memory Leaks Found In ISC DHCP [...]
Mon, Jul 23, 2012
Source: DHCP Security Advisory

[Complete List]


ISC Kea may terminate unexpectedly (crash) while handling a malformed client packet. [...]
Mon, Nov 30, 2015
Source: Kea CVEs

Last modified: January 12, 2016 at 1:28 pm