7.5
CVE-2026-3104
- EPSS 0.7%
- Veröffentlicht 25.03.2026 13:29:19
- Zuletzt bearbeitet 30.06.2026 03:19:11
- Quelle security-officer@isc.org
- CVE-Watchlists
- Unerledigt
Memory leak in code preparing DNSSEC proofs of non-existence
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.484 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-officer@isc.org | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
CWE-772 Missing Release of Resource after Effective Lifetime
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://downloads.isc.org/isc/bind9/9.20.21
https://downloads.isc.org/isc/bind9/9.21.20
https://kb.isc.org/docs/cve-2026-3104
https://access.redhat.com/errata/RHSA-2026:6935
https://access.redhat.com/security/cve/CVE-2026-3104
https://bugzilla.redhat.com/show_bug.cgi?id=2451310
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3104.json