CVE-2026-5946
- EPSS 1.81%
- Veröffentlicht 20.05.2026 13:16:40
- Zuletzt bearbeitet 30.06.2026 03:21:10
Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Special...
CVE-2026-5947
- EPSS 1.39%
- Veröffentlicht 20.05.2026 13:16:40
- Zuletzt bearbeitet 30.06.2026 03:21:10
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients"...
CVE-2026-5950
- EPSS 0.55%
- Veröffentlicht 20.05.2026 13:16:40
- Zuletzt bearbeitet 21.05.2026 15:24:34
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. T...
CVE-2026-3039
- EPSS 1.05%
- Veröffentlicht 20.05.2026 13:16:23
- Zuletzt bearbeitet 30.06.2026 03:19:09
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Direct...
CVE-2026-3592
- EPSS 0.41%
- Veröffentlicht 20.05.2026 13:16:23
- Zuletzt bearbeitet 21.05.2026 15:24:25
BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 thr...
CVE-2026-3593
- EPSS 1.84%
- Veröffentlicht 20.05.2026 13:16:23
- Zuletzt bearbeitet 30.06.2026 03:19:13
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1...
CVE-2026-3591
- EPSS 0.36%
- Veröffentlicht 25.03.2026 13:34:14
- Zuletzt bearbeitet 21.05.2026 15:24:36
A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly (mis)match an IP address. In a default-allow ACL ...
CVE-2026-3119
- EPSS 0.58%
- Veröffentlicht 25.03.2026 13:31:54
- Zuletzt bearbeitet 21.05.2026 15:24:39
Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` co...
CVE-2026-3104
- EPSS 0.7%
- Veröffentlicht 25.03.2026 13:29:19
- Zuletzt bearbeitet 30.06.2026 03:19:11
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18...
CVE-2026-1519
- EPSS 1.55%
- Veröffentlicht 25.03.2026 13:25:19
- Zuletzt bearbeitet 03.07.2026 13:16:57
If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are generally unaffected, although there are circumstances where authoritative servers ma...