Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0360
Vulnerability from certfr_avis - Published: 2026-03-26 - Updated: 2026-03-26
De multiples vulnérabilités ont été découvertes dans ISC BIND. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| ISC | BIND | BIND versions 9.20.x antérieures à 9.20.21 | ||
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions antérieures à 9.18.47-S1 | ||
| ISC | BIND | BIND versions 9.21.x antérieures à 9.21.20 | ||
| ISC | BIND Supported Preview Edition | BIND Supported Preview Edition versions 9.20.x antérieures à 9.20.21-S1 | ||
| ISC | BIND | BIND versions antérieures à 9.18.47 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BIND versions 9.20.x ant\u00e9rieures \u00e0 9.20.21",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions ant\u00e9rieures \u00e0 9.18.47-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions 9.21.x ant\u00e9rieures \u00e0 9.21.20",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND Supported Preview Edition versions 9.20.x ant\u00e9rieures \u00e0 9.20.21-S1",
"product": {
"name": "BIND Supported Preview Edition",
"vendor": {
"name": "ISC",
"scada": false
}
}
},
{
"description": "BIND versions ant\u00e9rieures \u00e0 9.18.47",
"product": {
"name": "BIND",
"vendor": {
"name": "ISC",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-3119",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3119"
},
{
"name": "CVE-2026-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3104"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-3591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3591"
}
],
"initial_release_date": "2026-03-26T00:00:00",
"last_revision_date": "2026-03-26T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0360",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans ISC BIND. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans ISC BIND",
"vendor_advisories": [
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2026-3119",
"url": "https://kb.isc.org/v1/docs/cve-2026-3119"
},
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2026-1519",
"url": "https://kb.isc.org/v1/docs/cve-2026-1519"
},
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2026-3104",
"url": "https://kb.isc.org/v1/docs/cve-2026-3104"
},
{
"published_at": "2026-03-25",
"title": "Bulletin de s\u00e9curit\u00e9 ISC BIND cve-2026-3591",
"url": "https://kb.isc.org/v1/docs/cve-2026-3591"
}
]
}
CVE-2026-1519 (GCVE-0-2026-1519)
Vulnerability from cvelistv5 – Published: 2026-03-25 13:25 – Updated: 2026-07-03 12:05
VLAI
EPSS
Title
Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Summary
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).
This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
27 references
Impacted products
37 products
Date Public
2026-03-25 00:00
Credits
ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1519",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:55:33.427270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:55:40.032Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-04-13T09:35:57.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus_long_life:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-25T13:25:19.802Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T12:05:03.775Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-1519"
},
{
"name": "RHBZ#2451305",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451305"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-1519.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11372"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11371"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29863"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24851"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8312"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8352"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16064"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16060"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25171"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15890"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25083"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29110"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25214"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24500"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24934"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:8075"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7915"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:11372: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
},
{
"lang": "en",
"value": "RHSA-2026:11371: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:29863: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:24851: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:8312: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:8352: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:8155: Red Hat Enterprise Linux AppStream (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16064: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4), Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:16060: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:25171: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:15890: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8), Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:25083: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:29110: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:25214: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:24500: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:24934: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:8075: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:7915: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:6935: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T14:01:56.586Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-25T13:25:19.802Z",
"value": "Made public."
}
],
"title": "bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, disable DNSSEC validation on affected BIND resolvers. Alternatively, configure the BIND server as authoritative-only if recursive queries are not required. Disabling DNSSEC validation may reduce the security posture of the DNS resolver. A restart of the BIND service (`named`) is required for these changes to take effect and may temporarily interrupt DNS resolution."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.11.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.19",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.11.3-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.16.50",
"versionStartIncluding": "9.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46",
"versionStartIncluding": "9.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.19",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.16.50-S1",
"versionStartIncluding": "9.11.3-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If this issue is encountered, the resolver may experience excessive CPU consumption and a sharp decrease in the number of queries per second that it can handle."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-606",
"description": "CWE-606 Unchecked Input for Loop Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:25:19.802Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-1519",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-1519"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.18.47"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.47, 9.20.21, 9.21.20, 9.18.47-S1, or 9.20.21-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Excessive NSEC3 iterations cause high CPU load during insecure delegation validation",
"workarounds": [
{
"lang": "en",
"value": "This is not recommended, but disabling DNSSEC (`dnssec-validation no;`) prevents exploitation of this issue."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-1519",
"datePublished": "2026-03-25T13:25:19.802Z",
"dateReserved": "2026-01-28T09:54:49.514Z",
"dateUpdated": "2026-07-03T12:05:03.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3104 (GCVE-0-2026-3104)
Vulnerability from cvelistv5 – Published: 2026-03-25 13:29 – Updated: 2026-06-30 12:08
VLAI
EPSS
Title
Memory leak in code preparing DNSSEC proofs of non-existence
Summary
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2026-3104 | vendor-advisory |
| https://downloads.isc.org/isc/bind9/9.20.21 | patch |
| https://downloads.isc.org/isc/bind9/9.21.20 | patch |
| https://access.redhat.com/security/cve/CVE-2026-3104 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2451310 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:6935 | vendor-advisoryx_refsource_REDHAT |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.20.0 , ≤ 9.20.20
(custom)
Affected: 9.21.0 , ≤ 9.21.19 (custom) Affected: 9.20.9-S1 , ≤ 9.20.20-S1 (custom) Unaffected: 9.18.0 , ≤ 9.18.46 (custom) Unaffected: 9.18.11-S1 , ≤ 9.18.46-S1 (custom) |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public
2026-03-25 00:00
Credits
ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3104",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:56:20.362810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:56:26.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-03-25T13:29:19.494Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the BIND resolver. A remote attacker can exploit this vulnerability by querying a specially crafted domain, which causes a memory leak. This memory leak can lead to a Denial of Service (DoS) condition, making the BIND resolver unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:08:17.924Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-3104"
},
{
"name": "RHBZ#2451310",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451310"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3104.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:6935"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:6935: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T14:02:15.067Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-03-25T13:29:19.494Z",
"value": "Made public."
}
],
"title": "bind: BIND: Denial of Service via specially crafted domain query causing a memory leak",
"workarounds": [
{
"lang": "en",
"value": "To mitigate this issue, restrict access to the BIND resolver to trusted clients only. This can be achieved by configuring firewall rules to limit inbound connections to port 53 (UDP/TCP) from known, authorized IP addresses or networks. Alternatively, configure BIND to listen only on specific trusted interfaces or localhost.\n\nExample using firewalld:\n`firewall-cmd --permanent --add-rich-rule=\u0027rule family=\"ipv4\" source address=\"\u003cTRUSTED_IP_OR_NETWORK\u003e\" port port=53 protocol=\"udp\" accept\u0027`\n`firewall-cmd --permanent --add-rich-rule=\u0027rule family=\"ipv4\" source address=\"\u003cTRUSTED_IP_OR_NETWORK\u003e\" port port=53 protocol=\"tcp\" accept\u0027`\n`firewall-cmd --reload`\n\nAfter applying changes, a restart of the BIND service may be required for the new configuration to take full effect. This may temporarily interrupt DNS resolution services."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.20",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.19",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.19",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46",
"versionStartIncluding": "9.18.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If a BIND resolver is asked to query a specially crafted domain, memory will not be recovered by `named`. This can cause unbounded growth of Resident Set Size (RSS) memory, which may lead to an out-of-memory condition. Additionally, `named` will exit with an assertion failure if a shutdown or reload is attempted."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:29:19.494Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-3104",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-3104"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Memory leak in code preparing DNSSEC proofs of non-existence",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-3104",
"datePublished": "2026-03-25T13:29:19.494Z",
"dateReserved": "2026-02-24T10:04:57.917Z",
"dateUpdated": "2026-06-30T12:08:17.924Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3119 (GCVE-0-2026-3119)
Vulnerability from cvelistv5 – Published: 2026-03-25 13:31 – Updated: 2026-03-25 14:13
VLAI
EPSS
Title
Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Summary
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2026-3119 | vendor-advisory |
| https://downloads.isc.org/isc/bind9/9.20.21 | patch |
| https://downloads.isc.org/isc/bind9/9.21.20 | patch |
Impacted products
Date Public
2026-03-25 00:00
Credits
ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:13:41.579382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:13:54.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.20",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.19",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.19",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46",
"versionStartIncluding": "9.18.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "If this situation is encountered, `named` will terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:31:54.806Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-3119",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-3119"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Authenticated query containing a TKEY record may cause named to terminate unexpectedly",
"workarounds": [
{
"lang": "en",
"value": "Remove any TSIG keys that might be used by an attacker."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-3119",
"datePublished": "2026-03-25T13:31:54.806Z",
"dateReserved": "2026-02-24T12:29:14.561Z",
"dateUpdated": "2026-03-25T14:13:54.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3591 (GCVE-0-2026-3591)
Vulnerability from cvelistv5 – Published: 2026-03-25 13:34 – Updated: 2026-03-25 14:13
VLAI
EPSS
Title
A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass
Summary
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://kb.isc.org/docs/cve-2026-3591 | vendor-advisory |
| https://downloads.isc.org/isc/bind9/9.20.21 | patch |
| https://downloads.isc.org/isc/bind9/9.21.20 | patch |
Impacted products
Date Public
2026-03-25 00:00
Credits
ISC would like to thank Mcsky23 for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T14:12:43.295485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T14:13:01.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.20",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.19",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.20-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.46-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.19",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.20-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46",
"versionStartIncluding": "9.18.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.46-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-562",
"description": "CWE-562 Return of Stack Variable Address",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:34:14.202Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-3591",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-3591"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.21"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.20"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass",
"workarounds": [
{
"lang": "en",
"value": "No workarounds known."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-3591",
"datePublished": "2026-03-25T13:34:14.202Z",
"dateReserved": "2026-03-05T12:50:58.915Z",
"dateUpdated": "2026-03-25T14:13:01.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…