ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix

The Internet Systems Consortium (ISC) has released new security updates that fix four High risk vulnerabilities in multiple versions of ISC Berkeley Internet Name Domain (BIND), as well as BIND 9 Security Vulnerability Matrix.

BIND is the most widely used Domain Name System software on the Internet.

ISC patched the following High severity vulnerabilities:

  • CVE-2022-2906
  • CVE-2022-3080
  • CVE-2022-38177
  • CVE-2022-38178

All four of the flaws have a CVSS score of 7.5.


The first vulnerability (CVE-2022-2906) is the result of memory leaks in code handling Diffie-Hellman key exchange via TKEY RRs (OpenSSL 3.0.0+ only).


The second vulnerability (CVE-2022-3080) is when BIND 9 resolvers are configured to answer from stale cache with zero stale-answer-client-timeout may terminate unexpectedly.


The third vulnerability (CVE-2022-38177) is a memory leak in ECDSA DNSSEC verification code.


Finally, the fourth vulnerability (CVE-2022-38178) is the result of memory leaks in EdDSA DNSSEC verification code.

Moreover, ISC also published a BIND 9 Security Vulnerability Matrix, a tool to help DNS operators understand the current security risk for a given version of BIND.

Related Articles