Description
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain.
This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.
BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A specially crafted domain name can trigger a memory leak in the DNS resolver component of ISC BIND 9. The leak occurs during the preparation of DNSSEC proofs of non‑existence, causing unchecked allocation that gradually consumes available memory. Over time this can exhaust system resources, leading to crashes or reduced performance and effectively denying service to legitimate queries. The weakness corresponds to improper resource handling (CWE‑772).

Affected Systems

ISC BIND 9 on all operating systems, specifically versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9‑S1 through 9.20.20‑S1. Versions 9.18.0‑9.18.46 and 9.18.11‑S1‑9.18.46‑S1 are not affected.

Risk and Exploitability

The vulnerability scores a CVSS 7.5, indicating high impact. The EPSS score is 0.047%, which is less than 1%, indicating a very low but nonzero likelihood of exploitation, and it is not listed in the CISA KEV catalog. Attackers can trigger the issue remotely by issuing DNS queries that reference a malicious domain name, leveraging any publicly reachable BIND resolver. The requirement is only network access to the resolver; no authentication or privileged state is needed. Consequently, the risk is significant for exposed DNS servers.

Generated by OpenCVE AI on May 21, 2026 at 17:23 UTC.

Remediation

Vendor Solution

Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.21, 9.21.20, or 9.20.21-S1.

Vendor Workaround

No workarounds known.

OpenCVE Recommended Actions

  • Upgrade ISC BIND 9 to version 9.20.21, 9.21.20, or 9.20.21‑S1, which contain the fix.
  • If upgrade is not immediately possible, monitor memory usage on affected servers and consider restricting query traffic from untrusted networks.
  • Refer to ISC documentation (e.g., https://kb.isc.org/docs/cve-2026-3104) for detailed upgrade instructions.

Generated by OpenCVE AI on May 21, 2026 at 17:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6181-1 bind9 security update
Ubuntu USN Ubuntu USN USN-8124-1 Bind vulnerabilities
History

Thu, 21 May 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401
CPEs cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*

Thu, 26 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Important

Wed, 25 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 14:00:00 +0000

Type Values Removed Values Added
Description A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.
Title Memory leak in code preparing DNSSEC proofs of non-existence
First Time appeared Isc
Isc bind
Weaknesses CWE-772
CPEs cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*
Vendors & Products Isc
Isc bind
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Isc Bind
cve-icon MITRE

Status: PUBLISHED

Assigner: isc

Published:

Updated: 2026-03-25T14:56:26.373Z

Reserved: 2026-02-24T10:04:57.917Z

Link: CVE-2026-3104

cve-icon Vulnrichment

Updated: 2026-03-25T14:56:22.796Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T14:16:36.890

Modified: 2026-05-21T15:26:06.317

Link: CVE-2026-3104

cve-icon Redhat

Severity : Important

Publid Date: 2026-03-25T13:29:19Z

Links: CVE-2026-3104 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T17:30:15Z

Weaknesses