Vulnerability-Lookup

SUSE-SU-2026:1351-1

Vulnerability from csaf_suse - Published: 2026-04-15 13:36 - Updated: 2026-04-15 13:36

Summary

Security update for bind

Severity

Important

Notes

Title of the patch: Security update for bind

Description of the patch: This update for bind fixes the following issues: Security issues: - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805). - CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567). - CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly (bsc#1260568). - CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569). - use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202). Upgrade to release 9.20.21 Security Fixes: * Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. (CVE-2026-1519) [bsc#1260805] * Fix memory leaks in code preparing DNSSEC proofs of non-existence. (CVE-2026-3104) [bsc#1260567] * Prevent a crash in code processing queries containing a TKEY record. (CVE-2026-3119) [bsc#1260568] * Fix a stack use-after-return flaw in SIG(0) handling code. (CVE-2026-3591) [bsc#1260569] * Fix a use-after-free error in dns_client_resolve() triggered by a DNAME response. This issue only affected the delv tool and it has now been fixed. [bsc#1259202] Feature Changes: * Record query time for all dnstap responses. * Optimize TCP source port selection on Linux. Bug Fixes: * Fix the handling of key statements defined inside views. * Fix an assertion failure triggered by non-minimal IXFRs. * Fix a crash when retrying a NOTIFY over TCP. * Fetch loop detection improvements. * Randomize nameserver selection. * Fix dnstap logging of forwarded queries. * A stale answer could have been served in case of multiple upstream failures when following CNAME chains. This has been fixed. * Fail DNSKEY validation when supported but invalid DS is found. * Importing an invalid SKR file might corrupt stack memory. * Return FORMERR for queries with the EDNS Client Subnet FAMILY field set to 0. * Fix inbound IXFR performance regression. * Make catalog zone names and member zones' entry names case-insensitive. * Fix implementation of BRID and HHIT record types. * Fix implementation of DSYNC record type. * Fix response policy and catalog zones to work with $INCLUDE directive.

Patchnames: SUSE-2026-1351,SUSE-SLE-Module-Basesystem-15-SP7-2026-1351,SUSE-SLE-Module-Server-Applications-15-SP7-2026-1351

CVE-2026-1519

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-3104

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-3119

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

CVE-2026-3591

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

URL

Category

	https://www.suse.com/support/security/rating/	external
	https://ftp.suse.com/pub/projects/security/csaf/s…	self
	https://www.suse.com/support/update/announcement/…	self
	https://lists.suse.com/pipermail/sle-updates/2026…	self
	https://bugzilla.suse.com/1259202	self
	https://bugzilla.suse.com/1260567	self
	https://bugzilla.suse.com/1260568	self
	https://bugzilla.suse.com/1260569	self
	https://bugzilla.suse.com/1260805	self
	https://www.suse.com/security/cve/CVE-2026-1519/	self
	https://www.suse.com/security/cve/CVE-2026-3104/	self
	https://www.suse.com/security/cve/CVE-2026-3119/	self
	https://www.suse.com/security/cve/CVE-2026-3591/	self
	https://www.suse.com/security/cve/CVE-2026-1519	external
	https://bugzilla.suse.com/1260805	external
	https://www.suse.com/security/cve/CVE-2026-3104	external
	https://bugzilla.suse.com/1260567	external
	https://www.suse.com/security/cve/CVE-2026-3119	external
	https://bugzilla.suse.com/1260568	external
	https://www.suse.com/security/cve/CVE-2026-3591	external
	https://bugzilla.suse.com/1260569	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for bind",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for bind fixes the following issues:\n\nSecurity issues:\n\n- CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service (bsc#1260805).\n- CVE-2026-3104: memory leak in code preparing DNSSEC proofs of non-existence allows for DoS (bsc#1260567).\n- CVE-2026-3119: authenticated queries containing a TKEY record may cause `named` to terminate unexpectedly\n  (bsc#1260568).\n- CVE-2026-3591: stack use-after-return flaw in SIG(0) handling code allows for ACL bypass (bsc#1260569).\n- use-after-free error in `dns_client_resolve()` triggered by a DNAME response (bsc#1259202).\n\nUpgrade to release 9.20.21\n Security Fixes:\n * Fix unbounded NSEC3 iterations when validating referrals to\n unsigned delegations.\n (CVE-2026-1519)\n [bsc#1260805]\n * Fix memory leaks in code preparing DNSSEC proofs of\n non-existence.\n (CVE-2026-3104)\n [bsc#1260567]\n * Prevent a crash in code processing queries containing a TKEY\n record.\n (CVE-2026-3119)\n [bsc#1260568]\n * Fix a stack use-after-return flaw in SIG(0) handling code.\n (CVE-2026-3591)\n [bsc#1260569]\n * Fix a use-after-free error in dns_client_resolve() triggered by\n a DNAME response. This issue only affected the delv tool and it\n has now been fixed.\n [bsc#1259202]\n Feature Changes:\n * Record query time for all dnstap responses.\n * Optimize TCP source port selection on Linux.\n Bug Fixes:\n * Fix the handling of key statements defined inside views.\n * Fix an assertion failure triggered by non-minimal IXFRs.\n * Fix a crash when retrying a NOTIFY over TCP.\n * Fetch loop detection improvements.\n * Randomize nameserver selection.\n * Fix dnstap logging of forwarded queries.\n * A stale answer could have been served in case of multiple\n upstream failures when following CNAME chains. This has been\n fixed.\n * Fail DNSKEY validation when supported but invalid DS is found.\n * Importing an invalid SKR file might corrupt stack memory.\n * Return FORMERR for queries with the EDNS Client Subnet FAMILY\n field set to 0.\n * Fix inbound IXFR performance regression.\n * Make catalog zone names and member zones\u0027 entry names\n case-insensitive.\n * Fix implementation of BRID and HHIT record types.\n * Fix implementation of DSYNC record type.\n * Fix response policy and catalog zones to work with $INCLUDE\n directive.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1351,SUSE-SLE-Module-Basesystem-15-SP7-2026-1351,SUSE-SLE-Module-Server-Applications-15-SP7-2026-1351",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1351-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1351-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261351-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1351-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045566.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259202",
        "url": "https://bugzilla.suse.com/1259202"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260567",
        "url": "https://bugzilla.suse.com/1260567"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260568",
        "url": "https://bugzilla.suse.com/1260568"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260569",
        "url": "https://bugzilla.suse.com/1260569"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260805",
        "url": "https://bugzilla.suse.com/1260805"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-1519 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-1519/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3104 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3104/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3119 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3119/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-3591 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-3591/"
      }
    ],
    "title": "Security update for bind",
    "tracking": {
      "current_release_date": "2026-04-15T13:36:44Z",
      "generator": {
        "date": "2026-04-15T13:36:44Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1351-1",
      "initial_release_date": "2026-04-15T13:36:44Z",
      "revision_history": [
        {
          "date": "2026-04-15T13:36:44Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.21-150700.3.18.1.aarch64",
                "product": {
                  "name": "bind-9.20.21-150700.3.18.1.aarch64",
                  "product_id": "bind-9.20.21-150700.3.18.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.21-150700.3.18.1.aarch64",
                "product": {
                  "name": "bind-utils-9.20.21-150700.3.18.1.aarch64",
                  "product_id": "bind-utils-9.20.21-150700.3.18.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.21-150700.3.18.1.i586",
                "product": {
                  "name": "bind-9.20.21-150700.3.18.1.i586",
                  "product_id": "bind-9.20.21-150700.3.18.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.21-150700.3.18.1.i586",
                "product": {
                  "name": "bind-utils-9.20.21-150700.3.18.1.i586",
                  "product_id": "bind-utils-9.20.21-150700.3.18.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-doc-9.20.21-150700.3.18.1.noarch",
                "product": {
                  "name": "bind-doc-9.20.21-150700.3.18.1.noarch",
                  "product_id": "bind-doc-9.20.21-150700.3.18.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.21-150700.3.18.1.ppc64le",
                "product": {
                  "name": "bind-9.20.21-150700.3.18.1.ppc64le",
                  "product_id": "bind-9.20.21-150700.3.18.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.21-150700.3.18.1.ppc64le",
                "product": {
                  "name": "bind-utils-9.20.21-150700.3.18.1.ppc64le",
                  "product_id": "bind-utils-9.20.21-150700.3.18.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.21-150700.3.18.1.s390x",
                "product": {
                  "name": "bind-9.20.21-150700.3.18.1.s390x",
                  "product_id": "bind-9.20.21-150700.3.18.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.21-150700.3.18.1.s390x",
                "product": {
                  "name": "bind-utils-9.20.21-150700.3.18.1.s390x",
                  "product_id": "bind-utils-9.20.21-150700.3.18.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bind-9.20.21-150700.3.18.1.x86_64",
                "product": {
                  "name": "bind-9.20.21-150700.3.18.1.x86_64",
                  "product_id": "bind-9.20.21-150700.3.18.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "bind-utils-9.20.21-150700.3.18.1.x86_64",
                "product": {
                  "name": "bind-utils-9.20.21-150700.3.18.1.x86_64",
                  "product_id": "bind-utils-9.20.21-150700.3.18.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.21-150700.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64"
        },
        "product_reference": "bind-utils-9.20.21-150700.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.21-150700.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le"
        },
        "product_reference": "bind-utils-9.20.21-150700.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.21-150700.3.18.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x"
        },
        "product_reference": "bind-utils-9.20.21-150700.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-utils-9.20.21-150700.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64"
        },
        "product_reference": "bind-utils-9.20.21-150700.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.21-150700.3.18.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64"
        },
        "product_reference": "bind-9.20.21-150700.3.18.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.21-150700.3.18.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le"
        },
        "product_reference": "bind-9.20.21-150700.3.18.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.21-150700.3.18.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x"
        },
        "product_reference": "bind-9.20.21-150700.3.18.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-9.20.21-150700.3.18.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64"
        },
        "product_reference": "bind-9.20.21-150700.3.18.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bind-doc-9.20.21-150700.3.18.1.noarch as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
          "product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
        },
        "product_reference": "bind-doc-9.20.21-150700.3.18.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-1519",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-1519"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-1519",
          "url": "https://www.suse.com/security/cve/CVE-2026-1519"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260805 for CVE-2026-1519",
          "url": "https://bugzilla.suse.com/1260805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-15T13:36:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-1519"
    },
    {
      "cve": "CVE-2026-3104",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3104"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3104",
          "url": "https://www.suse.com/security/cve/CVE-2026-3104"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260567 for CVE-2026-3104",
          "url": "https://bugzilla.suse.com/1260567"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-15T13:36:44Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-3104"
    },
    {
      "cve": "CVE-2026-3119",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3119"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3119",
          "url": "https://www.suse.com/security/cve/CVE-2026-3119"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260568 for CVE-2026-3119",
          "url": "https://bugzilla.suse.com/1260568"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-15T13:36:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-3119"
    },
    {
      "cve": "CVE-2026-3591",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-3591"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
          "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-3591",
          "url": "https://www.suse.com/security/cve/CVE-2026-3591"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260569 for CVE-2026-3591",
          "url": "https://bugzilla.suse.com/1260569"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP7:bind-utils-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.aarch64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.ppc64le",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.s390x",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-9.20.21-150700.3.18.1.x86_64",
            "SUSE Linux Enterprise Module for Server Applications 15 SP7:bind-doc-9.20.21-150700.3.18.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-15T13:36:44Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-3591"
    }
  ]
}

CVE-2026-3591 (GCVE-0-2026-3591)

Vulnerability from cvelistv5 – Published: 2026-03-25 13:34 – Updated: 2026-03-25 14:13

Title

A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass

Summary

A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-562 - Return of Stack Variable Address
CWE-305 - Authentication Bypass by Primary Weakness

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2026-3591	vendor-advisory
	https://downloads.isc.org/isc/bind9/9.20.21	patch
	https://downloads.isc.org/isc/bind9/9.21.20	patch

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.20.0 , ≤ 9.20.20 (custom) Affected: 9.21.0 , ≤ 9.21.19 (custom) Affected: 9.20.9-S1 , ≤ 9.20.20-S1 (custom) Unaffected: 9.18.0 , ≤ 9.18.46 (custom) Unaffected: 9.18.11-S1 , ≤ 9.18.46-S1 (custom)

Date Public ?

2026-03-25 00:00

Credits

ISC would like to thank Mcsky23 for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:12:43.295485Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:13:01.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.20.20",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.19",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.20-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46",
              "status": "unaffected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46-S1",
              "status": "unaffected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.19",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Mcsky23 for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access. Default-deny ACLs should fail-secure.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "An attacker may be able to cause an ACL to improperly (mis)match an IP address.  In a default-allow ACL (denying only specific IP addresses), this may lead to unauthorized access."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-562",
              "description": "CWE-562 Return of Stack Variable Address",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-305",
              "description": "CWE-305 Authentication Bypass by Primary Weakness",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T13:34:14.202Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3591",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3591"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.21"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3591",
    "datePublished": "2026-03-25T13:34:14.202Z",
    "dateReserved": "2026-03-05T12:50:58.915Z",
    "dateUpdated": "2026-03-25T14:13:01.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3104 (GCVE-0-2026-3104)

Vulnerability from cvelistv5 – Published: 2026-03-25 13:29 – Updated: 2026-03-25 14:56

Title

Memory leak in code preparing DNSSEC proofs of non-existence

Summary

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-772 - Missing Release of Resource after Effective Lifetime

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2026-3104	vendor-advisory
	https://downloads.isc.org/isc/bind9/9.20.21	patch
	https://downloads.isc.org/isc/bind9/9.21.20	patch

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.20.0 , ≤ 9.20.20 (custom) Affected: 9.21.0 , ≤ 9.21.19 (custom) Affected: 9.20.9-S1 , ≤ 9.20.20-S1 (custom) Unaffected: 9.18.0 , ≤ 9.18.46 (custom) Unaffected: 9.18.11-S1 , ≤ 9.18.46-S1 (custom)

Date Public ?

2026-03-25 00:00

Credits

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3104",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:56:20.362810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:56:26.373Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.20.20",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.19",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.20-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46",
              "status": "unaffected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46-S1",
              "status": "unaffected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.19",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "If a BIND resolver is asked to query a specially crafted domain, memory will not be recovered by `named`. This can cause unbounded growth of Resident Set Size (RSS) memory, which may lead to an out-of-memory condition. Additionally, `named` will exit with an assertion failure if a shutdown or reload is attempted."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T13:29:19.494Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3104",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3104"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.21"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Memory leak in code preparing DNSSEC proofs of non-existence",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3104",
    "datePublished": "2026-03-25T13:29:19.494Z",
    "dateReserved": "2026-02-24T10:04:57.917Z",
    "dateUpdated": "2026-03-25T14:56:26.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1519 (GCVE-0-2026-1519)

Vulnerability from cvelistv5 – Published: 2026-03-25 13:25 – Updated: 2026-04-13 09:35

Title

Excessive NSEC3 iterations cause high CPU load during insecure delegation validation

Summary

If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries). This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-606 - Unchecked Input for Loop Condition

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2026-1519	vendor-advisory
	https://downloads.isc.org/isc/bind9/9.18.47	patch
	https://downloads.isc.org/isc/bind9/9.20.21	patch
	https://downloads.isc.org/isc/bind9/9.21.20	patch

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.11.0 , ≤ 9.16.50 (custom) Affected: 9.18.0 , ≤ 9.18.46 (custom) Affected: 9.20.0 , ≤ 9.20.20 (custom) Affected: 9.21.0 , ≤ 9.21.19 (custom) Affected: 9.11.3-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.46-S1 (custom) Affected: 9.20.9-S1 , ≤ 9.20.20-S1 (custom)

Date Public ?

2026-03-25 00:00

Credits

ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1519",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:55:33.427270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:55:40.032Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-13T09:35:57.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.16.50",
              "status": "affected",
              "version": "9.11.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46",
              "status": "affected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.20",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.19",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.16.50-S1",
              "status": "affected",
              "version": "9.11.3-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46-S1",
              "status": "affected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.20-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50",
                  "versionStartIncluding": "9.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.19",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.16.50-S1",
                  "versionStartIncluding": "9.11.3-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers may make recursive queries (see: https://kb.isc.org/docs/why-does-my-authoritative-server-make-recursive-queries).\nThis issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.46, 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.46-S1, and 9.20.9-S1 through 9.20.20-S1."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "If this issue is encountered, the resolver may experience excessive CPU consumption and a sharp decrease in the number of queries per second that it can handle."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-606",
              "description": "CWE-606 Unchecked Input for Loop Condition",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T13:25:19.802Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-1519",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-1519"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.18.47"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.21"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.47, 9.20.21, 9.21.20, 9.18.47-S1, or 9.20.21-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Excessive NSEC3 iterations cause high CPU load during insecure delegation validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "This is not recommended, but disabling DNSSEC (`dnssec-validation no;`) prevents exploitation of this issue."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-1519",
    "datePublished": "2026-03-25T13:25:19.802Z",
    "dateReserved": "2026-01-28T09:54:49.514Z",
    "dateUpdated": "2026-04-13T09:35:57.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-3119 (GCVE-0-2026-3119)

Vulnerability from cvelistv5 – Published: 2026-03-25 13:31 – Updated: 2026-03-25 14:13

Title

Authenticated query containing a TKEY record may cause named to terminate unexpectedly

Summary

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-617 - Reachable Assertion

Assigner

isc

References

URL

Tags

	https://kb.isc.org/docs/cve-2026-3119	vendor-advisory
	https://downloads.isc.org/isc/bind9/9.20.21	patch
	https://downloads.isc.org/isc/bind9/9.21.20	patch

Impacted products

	Vendor	Product	Version
	ISC	BIND 9	Affected: 9.20.0 , ≤ 9.20.20 (custom) Affected: 9.21.0 , ≤ 9.21.19 (custom) Affected: 9.20.9-S1 , ≤ 9.20.20-S1 (custom) Unaffected: 9.18.0 , ≤ 9.18.46 (custom) Unaffected: 9.18.11-S1 , ≤ 9.18.46-S1 (custom)

Date Public ?

2026-03-25 00:00

Credits

ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-3119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-25T14:13:41.579382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-25T14:13:54.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "BIND 9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThanOrEqual": "9.20.20",
              "status": "affected",
              "version": "9.20.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.21.19",
              "status": "affected",
              "version": "9.21.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.20.20-S1",
              "status": "affected",
              "version": "9.20.9-S1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46",
              "status": "unaffected",
              "version": "9.18.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.18.46-S1",
              "status": "unaffected",
              "version": "9.18.11-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20",
                  "versionStartIncluding": "9.20.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.21.19",
                  "versionStartIncluding": "9.21.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.20.20-S1",
                  "versionStartIncluding": "9.20.9-S1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46",
                  "versionStartIncluding": "9.18.0",
                  "vulnerable": false
                },
                {
                  "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.18.46-S1",
                  "versionStartIncluding": "9.18.11-S1",
                  "vulnerable": false
                }
              ],
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Vitaly Simonovich for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2026-03-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "If this situation is encountered, `named` will terminate unexpectedly."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617 Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-25T13:31:54.806Z",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "name": "CVE-2026-3119",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://kb.isc.org/docs/cve-2026-3119"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.20.21"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://downloads.isc.org/isc/bind9/9.21.20"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Authenticated query containing a TKEY record may cause named to terminate unexpectedly",
      "workarounds": [
        {
          "lang": "en",
          "value": "Remove any TSIG keys that might be used by an attacker."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2026-3119",
    "datePublished": "2026-03-25T13:31:54.806Z",
    "dateReserved": "2026-02-24T12:29:14.561Z",
    "dateUpdated": "2026-03-25T14:13:54.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

SUSE-SU-2026:1351-1

CVE-2026-3591 (GCVE-0-2026-3591)

CVE-2026-3104 (GCVE-0-2026-3104)

CVE-2026-1519 (GCVE-0-2026-1519)

CVE-2026-3119 (GCVE-0-2026-3119)

Tags

Sightings

Nomenclature