CVE-2026-5950
EUVD-2026-3110920.05.2026, 13:16
An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 through 9.18.48, 9.20.8 through 9.20.22, 9.21.7 through 9.21.21, 9.18.36-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| isc | bind | 9.18.36 ≤ 𝑥 < 9.18.49 |
| isc | bind | 9.20.8 ≤ 𝑥 < 9.20.23 |
| isc | bind | 9.21.7 ≤ 𝑥 < 9.21.21 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||
|---|---|---|---|---|---|---|---|
| bind |
| ||||||
| bind-doc |
| ||||||
| bind-utils |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| bind |
| ||||
| bind-chroot |
| ||||
| bind-debuginfo |
| ||||
| bind-debugsource |
| ||||
| bind-devel |
| ||||
| bind-dnssec-utils |
| ||||
| bind-dnssec-utils-debuginfo |
| ||||
| bind-doc |
| ||||
| bind-export-devel |
| ||||
| bind-export-libs |
| ||||
| bind-libs |
| ||||
| bind-libs-debuginfo |
| ||||
| bind-libs-lite |
| ||||
| bind-license |
| ||||
| bind-lite-devel |
| ||||
| bind-pkcs11 |
| ||||
| bind-pkcs11-devel |
| ||||
| bind-pkcs11-libs |
| ||||
| bind-pkcs11-utils |
| ||||
| bind-sdb |
| ||||
| bind-sdb-chroot |
| ||||
| bind-utils |
| ||||
| bind-utils-debuginfo |
|
Common Weakness Enumeration