7.5

CVE-2026-3104

Medienbericht

Memory leak in code preparing DNSSEC proofs of non-existence

A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind SwEdition- Version >= 9.20.0 < 9.20.21
IscBind SwEdition- Version >= 9.21.0 < 9.21.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.484
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-officer@isc.org 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.04.2026 09:30
https://downloads.isc.org/isc/bind9/9.20.21
Patch
https://downloads.isc.org/isc/bind9/9.21.20
Patch
https://kb.isc.org/docs/cve-2026-3104
Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:6935
https://access.redhat.com/security/cve/CVE-2026-3104
https://bugzilla.redhat.com/show_bug.cgi?id=2451310
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3104.json