TLP : CLEAR
Date : 25/07/2024
REF NO : CERT / 2024/07/66
Severity Level: Medium
Components Affected
Overview
Multiple vulnerabilities were identified in ISC BIND. A remote attacker could exploit some of these vulnerabilities to trigger a denial-of-service condition on the targeted system.
Description
The BIND 9 DNS server is affected by several vulnerabilities across multiple versions, which could lead to server instability and performance degradation. A malicious client could exploit these issues by sending a large number of DNS messages over TCP, potentially causing server instability. Additionally, resolver caches and authoritative zone databases with numerous Resource Records (RRs) for the same hostname may experience performance degradation during content updates or client queries. If a server hosts a zone with a “KEY” Resource Record, or if a resolver DNSSEC-validates a “KEY” Resource Record from a DNSSEC-signed domain, an attacker could exhaust CPU resources by sending a stream of SIG(0) signed requests. Furthermore, client queries that trigger the serving of stale data and require lookups in local authoritative zone data may result in an assertion failure. These issues affect various versions of BIND 9, from 9.0.0 through 9.19.24, including specific security-enhanced (S1) versions.
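The following audit script is an added example, not part of the original advisory or of ISC's tooling. It flags the two zone-content conditions described above: hostnames carrying numerous RRs, and zones containing a "KEY" record. It assumes zone data in one-record-per-line form (owner, TTL, class, type, rdata), such as a dump from named-checkzone -D; the threshold of 100 and all names in the sample are assumptions.

```python
from collections import Counter

# Constructed sample zone data (not from the advisory), one record per line.
SAMPLE_ZONE = """\
example.test. 3600 IN SOA ns1.example.test. admin.example.test. 1 7200 900 1209600 300
example.test. 3600 IN NS ns1.example.test.
example.test. 3600 IN KEY 512 3 13 AAAA
ns1.example.test. 3600 IN A 192.0.2.1
""" + "".join(f"bulk.example.test. 60 IN A 198.51.100.{i}\n" for i in range(1, 121))

NAME_THRESHOLD = 100  # assumed review threshold, not a value from the advisory


def audit_zone(text, threshold=NAME_THRESHOLD):
    """Report owner names with more than `threshold` RRs and names holding KEY RRs."""
    records_per_name = Counter()
    key_owners = set()
    skipped = 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        fields = line.split()
        # Expect: owner TTL class type rdata...; anything else is counted, not guessed at.
        if len(fields) < 5 or not fields[1].isdigit() or fields[2].upper() != "IN":
            skipped += 1
            continue
        owner, rrtype = fields[0].lower(), fields[3].upper()
        records_per_name[owner] += 1
        if rrtype == "KEY":
            key_owners.add(owner)
    busy = {name: n for name, n in records_per_name.items() if n > threshold}
    return {"busy_names": busy, "key_owners": sorted(key_owners), "skipped": skipped}


if __name__ == "__main__":
    report = audit_zone(SAMPLE_ZONE)
    for name, count in sorted(report["busy_names"].items()):
        print(f"REVIEW  {name} holds {count} RRs (threshold {NAME_THRESHOLD})")
    for name in report["key_owners"]:
        print(f"REVIEW  {name} has a KEY record (SIG(0) exposure described above)")
    if report["skipped"]:
        print(f"NOTE    {report['skipped']} line(s) not in the expected form were skipped")
```

A non-zero skipped count means the input was not fully expanded, so the totals for that zone are incomplete.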
Impact
Solution/Workarounds
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
Reference
Disclaimer : The information provided herein is on an “as is” basis, without warranty of any kind.
Sri Lanka Computer Emergency Readiness Team | Coordination Centre