6.5

CVE-2026-3119

Medienbericht

Authenticated query containing a TKEY record may cause named to terminate unexpectedly

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IscBind SwEdition- Version >= 9.20.0 < 9.20.21
IscBind SwEdition- Version >= 9.21.0 < 9.21.20
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.429
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security-officer@isc.org 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.04.2026 09:30
https://downloads.isc.org/isc/bind9/9.20.21
Patch
https://downloads.isc.org/isc/bind9/9.21.20
Patch
https://kb.isc.org/docs/cve-2026-3119
Vendor Advisory