- Description
- BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments. This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
- Source
- security-officer@isc.org
- NVD status
- Analyzed
- Products
- bind
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-officer@isc.org
- CWE-771
- Hype score
- Not currently trending
【BINDに複数脆弱性、DNS運用者は更新確認を】 JVNは、BINDに複数の脆弱性が存在すると公表しました。 対象には CVE-2026-3039、CVE-2026-3592、CVE-2026-3593、CVE-2026-5946、CVE-2026-5947、CVE-2026-5950 が含まれ、サービス運用
@01ra66it
25 May 2026
209 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
【ISC BINDに複数脆弱性、DNS可用性への影響に注意】 JVNは、ISC BINDにおける複数の脆弱性を公開しました。対象にはCVE-2026-3039、CVE-2026-3592、CVE-2026-3593、CVE-2026-5946、CVE-2026-5947、CVE-2026-5950が含まれ、DoS、メモリ破
@01ra66it
23 May 2026
167 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【BIND 9に複数脆弱性、DNS運用者は更新確認を】 JVNは、ISC BINDにおける複数の脆弱性を公表しました。対象にはCVE-2026-3039、CVE-2026-3592、CVE-2026-3593、CVE-2026-5946、CVE-2026-5947、CVE-2026-5950が含まれます。
@01ra66it
21 May 2026
202 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
JVNVU#99225456: ISC BINDにおける複数の脆弱性(2026年5月) https://t.co/CVPAVe4C8c "遠隔の攻撃者によって、サービス運用妨害(DoS)攻撃を引き起こされる(CVE-2026-3039、CVE-2026-3592、CVE-2026-5946、CVE-2026-5947、CVE-2026-5950)" h
@catnap707
21 May 2026
181 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
BIND9の脆弱性(High: CVE-2026-3039, CVE-2026-3593, CVE-2026-5946, CVE-2026-5947, Medium: CVE-206-3592, CVE-206-5950)と9.18.49, 9.20.23, 9.21.22公開 #sios_tech #security #vulnerability #セキュリティ #脆弱性 #dns #bind https://t.co/C3ftLMSEDR
@omokazuki
20 May 2026
306 Impressions
4 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2026-3039: BIND 9 server memory exhaustion during GSS-API TKEY negotiation https://t.co/EMZAionau9
@fj_twt
20 May 2026
260 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "8C7AB360-9A41-4E0A-B02A-27E3F7F5AB7C",
"versionEndIncluding": "9.16.50",
"versionStartIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "49533F8C-D7B5-450A-8808-7E1C76F4FAE4",
"versionEndExcluding": "9.18.49",
"versionStartIncluding": "9.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "D92461F1-BA01-479E-B740-38855CC216E6",
"versionEndExcluding": "9.20.23",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*",
"matchCriteriaId": "B254E8E7-3F57-4552-ACBF-623FA481B697",
"versionEndExcluding": "9.21.22",
"versionStartIncluding": "9.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]