CVE-2026-3039

EUVD-2026-31103
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets.  Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.
This issue affects BIND 9 versions 9.0.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.9.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
Affected Products (NVD)
VendorProductVersion
iscbind
9.0.0 ≤
𝑥
≤ 9.16.50
iscbind
9.18.0 ≤
𝑥
< 9.18.49
iscbind
9.20.0 ≤
𝑥
< 9.20.23
iscbind
9.21.0 ≤
𝑥
< 9.21.22
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bind9
bookworm
vulnerable
bookworm (security)
1:9.18.49-1~deb12u1
fixed
bullseye
vulnerable
bullseye (security)
vulnerable
forky
1:9.20.24-1
fixed
sid
1:9.20.24-1
fixed
trixie
vulnerable
trixie (security)
1:9.20.23-1~deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
bind
suse enterprise sap 15 SP7
9.20.23-150700.3.25.1
fixed
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
suse enterprise server 15 SP4
9.16.50-150400.5.62.1
fixed
suse enterprise server 15 SP5
9.16.50-150500.8.38.1
fixed
suse enterprise server 15 SP6
9.18.49-150600.3.26.1
fixed
suse enterprise server 15 SP7
9.20.23-150700.3.25.1
fixed
bind-chrootenv
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
bind-devel
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
bind-doc
suse enterprise sap 15 SP7
9.20.23-150700.3.25.1
fixed
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
suse enterprise server 15 SP4
9.16.50-150400.5.62.1
fixed
suse enterprise server 15 SP5
9.16.50-150500.8.38.1
fixed
suse enterprise server 15 SP6
9.18.49-150600.3.26.1
fixed
suse enterprise server 15 SP7
9.20.23-150700.3.25.1
fixed
bind-utils
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
suse enterprise server 15 SP4
9.16.50-150400.5.62.1
fixed
suse enterprise server 15 SP5
9.16.50-150500.8.38.1
fixed
suse enterprise server 15 SP6
9.18.49-150600.3.26.1
fixed
libbind9-161
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libdns1110
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libirs161
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libisc1107
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libisc1107-32bit
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libisccc161
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
libisccfg163
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
liblwres161
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
python-bind
suse enterprise server 12 SP5
9.11.22-3.71.1
fixed
python3-bind
suse enterprise server 15 SP4
9.16.50-150400.5.62.1
fixed
suse enterprise server 15 SP5
9.16.50-150500.8.38.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
bind
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-chroot
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-devel
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-dnssec-doc
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-dnssec-utils
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-doc
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-export-devel
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-export-libs
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-libs
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-libs-lite
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-license
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind-lite-devel
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-pkcs11
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-pkcs11-devel
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-pkcs11-libs
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-pkcs11-utils
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-sdb
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-sdb-chroot
RHEL 8
32:9.11.36-16.el8_10.8
fixed
bind-utils
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
bind9.16
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-chroot
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-devel
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-dnssec-utils
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-doc
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-libs
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-license
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.16-utils
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
bind9.18
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-chroot
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-devel
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-dnssec-utils
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-doc
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-libs
RHEL 9
32:9.18.29-14.el9_8.2
fixed
bind9.18-utils
RHEL 9
32:9.18.29-14.el9_8.2
fixed
python3-bind
RHEL 8
32:9.11.36-16.el8_10.8
fixed
RHEL 9
32:9.16.23-40.el9_8.2
fixed
python3-bind9.16
RHEL 8
32:9.16.23-0.22.el8_10.6
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
bind
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-chroot
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-debuginfo
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-debugsource
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-dnssec-utils
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-dnssec-utils-debuginfo
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-doc
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-export-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-export-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-libs-debuginfo
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-libs-lite
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-license
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-lite-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-pkcs11
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-pkcs11-devel
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-pkcs11-libs
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-pkcs11-utils
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-sdb
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-sdb-chroot
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
bind-utils
Amazon Linux 2
32:9.11.4-26.P2.amzn2.13.15
fixed
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
bind-utils-debuginfo
Amazon Linux 2023
32:9.18.49-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
bind
Azure Linux 3.0
0:9.20.23-1.azl3
fixed