Aggregates CVE and security vulnerability intelligence across all d.j.bernstein-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-1191 | The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | [email protected] | 6.4 | 1.92% | 2012-02-17 | 2026-06-16 |
| CVE-2009-0858 | The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain. | [email protected] | 5.8 | 6.28% | 2009-03-09 | 2026-06-16 |
| CVE-2008-4392 | dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query. | [email protected] | 6.4 | 1.69% | 2009-02-19 | 2026-06-16 |