BIND 8 vulnerability matrix
This table summarizes the vulnerability to the bugs mentioned for all released versions of BIND 8.
BIND 8 is in "End of Life" status, which means that we recommend that you not use it. As you can see from the table below, BIND 8 is vulnerable to modern attacks. Please use a newer version.
The numbers in the first row refer to CVE (Common Vulnerabilities and Exposures) entries and are hyperlinked to the corresponding pages on the CVE website. They are also listed in a separate table below, each with a short description.
| ver/CVE | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 27 | 28 | 29 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 8.4.7-P1 | + | + | ||||||||||||||||||||
| 8.4.7 | + | + | + | |||||||||||||||||||
| 8.4.6 | + | + | + | |||||||||||||||||||
| 8.4.5 | + | + | + | + | + | |||||||||||||||||
| 8.4.4 | + | + | + | + | + | |||||||||||||||||
| 8.4.3 | + | + | + | |||||||||||||||||||
| 8.4.2 | + | + | + | + | + | |||||||||||||||||
| 8.4.1 | + | + | + | + | + | |||||||||||||||||
| 8.4.0 | + | + | + | + | + | |||||||||||||||||
| 8.3.7 | + | + | + | |||||||||||||||||||
| 8.3.6 | + | + | + | + | ||||||||||||||||||
| 8.3.5 | + | + | + | + | ||||||||||||||||||
| 8.3.4 | + | + | + | + | ||||||||||||||||||
| 8.3.3 | + | + | + | + | + | + | ||||||||||||||||
| 8.3.2 | + | + | + | + | + | + | + | |||||||||||||||
| 8.3.1 | + | + | + | + | + | + | + | |||||||||||||||
| 8.3.0 | + | + | + | + | + | + | + | + | ||||||||||||||
| 8.2.7 | + | + | + | + | ||||||||||||||||||
| 8.2.6 | + | + | + | + | + | + | ||||||||||||||||
| 8.2.5 | + | + | + | + | + | + | + | |||||||||||||||
| 8.2.4 | + | + | + | + | + | + | + | |||||||||||||||
| 8.2.3 | + | + | + | + | + | + | + | |||||||||||||||
| 8.2.2 | + | + | + | + | + | + | + | + | + | + | + | + | + | |||||||||
| 8.2.1 | + | + | + | + | + | + | + | + | + | + | + | + | + | + | + | + | ||||||
| 8.2.0 | + | + | + | + | + | + | + | + | + | + | + | + | + | + | + | + |
Legend:
| # | CVE number | short description |
|---|---|---|
| 0 | 1999-0833 | Buffer overflow via NXT records. |
| 1 | 1999-0835 | Denial of service via malformed SIG records. |
| 2 | 1999-0837 | Denial of service by improperly closing TCP sessions via so_linger. |
| 3 | 1999-0848 | Denial of service in named via consuming more than "fdmax" file descriptors. |
| 4 | 1999-0849 | Denial of service via maxdname. |
| 5 | 1999-0851 | Denial of service via naptr. |
| 6 | 2000-0887 | Denial of service by compressed zone transfer (ZXFR) request. |
| 7 | 2000-0888 | Denial of service via SRV record. |
| 8 | 2001-0010 | Buffer overflow in TSIG code allows root privileges. |
| 10 | 2001-0012 | Ability to access sensitive information such as environment variables. |
| 11 | 2001-0013 | Format string vulnerability in nslookupComplain allows root privileges. |
| 12 | 2002-0029 | Buffer overflows in resolver library allow execution of arbitrary code. |
| 13 | 2002-0400 | Denial of service via malformed DNS packet. |
| 14 | 2002-0651 | Buffer overflow in resolver code may cause a DoS and arbitrary code execution. |
| 15 | 2002-1220 | Denial of service via request for nonexistent subdomain using large OPT RR. |
| 16 | 2002-1221 | Denial of service via SIG RR elements with invalid expiry times. |
| 17 | 2003-0914 | Cache poisoning via negative responses with a large TTL value. |
| 18 | 2005-0033 | Buffer overflow in recursion and glue code allows denial of service. |
| 19 | 2005-0034 | Denial of service via crafted DNS packets causing internal self-check to fail. |
| 27 | 2007-2930 | Cryptographically weak query IDs (BIND 8). |
| 28 | 2008-0122 | inet_network() off-by-one buffer overflow. |
| 29 | 2008-1447 | DNS cache poisoning issue. |


