CVE-2026-3104
EUVD-2026-1541025.03.2026, 14:16
A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| isc | bind | 9.20.0 ≤ 𝑥 < 9.20.21 |
| isc | bind | 9.21.0 ≤ 𝑥 < 9.21.20 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bind9 |
| ||||||||||||||||
| bind9-libs |
| ||||||||||||||||
| isc-dhcp |
|
openSUSE / SLES Releases
Common Weakness Enumeration
- CWE-772 - Missing Release of Resource after Effective LifetimeThe software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
- CWE-401 - Missing Release of Memory after Effective LifetimeThe software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.