Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-3593

Summary
Assigner-isc
Assigner Org ID-404fd4d2-a609-4245-b543-2c944a302a22
Published At-20 May, 2026 | 13:09
Updated At-20 May, 2026 | 13:40
Rejected At-
Credits

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:isc
Assigner Org ID:404fd4d2-a609-4245-b543-2c944a302a22
Published At:20 May, 2026 | 13:09
Updated At:20 May, 2026 | 13:40
Rejected At:
â–¼CVE Numbering Authority (CNA)
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

Affected Products
Vendor
Internet Systems Consortium, Inc.ISC
Product
BIND 9
Default Status
unaffected
Versions
Affected
  • From 9.20.0 through 9.20.22 (custom)
  • From 9.21.0 through 9.21.21 (custom)
  • From 9.20.9-S1 through 9.20.22-S1 (custom)
Unaffected
  • From 9.18.0 through 9.18.48 (custom)
  • From 9.18.11-S1 through 9.18.48-S1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
N/ACrafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption.
CAPEC ID: N/A
Description: Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption.
Solutions

Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1.

Configurations
Workarounds

Configurations not using DNS-over-HTTPS should not be affected. Disabling DNS-over-HTTPS is likewise an effective workaround.

Exploits

We are not aware of any active exploits.

Credits
ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.isc.org/docs/cve-2026-3593
vendor-advisory
https://downloads.isc.org/isc/bind9/9.20.23
patch
https://downloads.isc.org/isc/bind9/9.21.22
patch
Hyperlink: https://kb.isc.org/docs/cve-2026-3593
Resource:
vendor-advisory
Hyperlink: https://downloads.isc.org/isc/bind9/9.20.23
Resource:
patch
Hyperlink: https://downloads.isc.org/isc/bind9/9.21.22
Resource:
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-officer@isc.org
Published At:20 May, 2026 | 13:16
Updated At:20 May, 2026 | 14:04

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.4HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Type: Primary
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-416Secondarysecurity-officer@isc.org
CWE ID: CWE-416
Type: Secondary
Source: security-officer@isc.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://downloads.isc.org/isc/bind9/9.20.23security-officer@isc.org
N/A
https://downloads.isc.org/isc/bind9/9.21.22security-officer@isc.org
N/A
https://kb.isc.org/docs/cve-2026-3593security-officer@isc.org
N/A
Hyperlink: https://downloads.isc.org/isc/bind9/9.20.23
Source: security-officer@isc.org
Resource: N/A
Hyperlink: https://downloads.isc.org/isc/bind9/9.21.22
Source: security-officer@isc.org
Resource: N/A
Hyperlink: https://kb.isc.org/docs/cve-2026-3593
Source: security-officer@isc.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4Records found
CVE-2026-5947
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-20 May, 2026 | 13:10
Updated-20 May, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-BIND 9
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2022-3094
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-2.34% / 85.03%
||
7 Day CHG+0.66%
Published-25 Jan, 2023 | 21:34
Updated-01 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An UPDATE message flood may cause named to exhaust all available memory

Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.

Action-Not Available
Vendor-Internet Systems Consortium, Inc.
Product-bindBIND 9
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-416
Use After Free
CVE-2017-3145
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
ShareView Details
Matching Score-6
Assigner-Internet Systems Consortium (ISC)
CVSS Score-7.5||HIGH
EPSS-7.99% / 92.17%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 20:00
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper fetch cleanup sequencing in the resolver can cause named to crash

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. Affects BIND 9.0.0 to 9.8.x, 9.9.0 to 9.9.11, 9.10.0 to 9.10.6, 9.11.0 to 9.11.2, 9.9.3-S1 to 9.9.11-S1, 9.10.5-S1 to 9.10.6-S1, 9.12.0a1 to 9.12.0rc1.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxInternet Systems Consortium, Inc.Red Hat, Inc.Juniper Networks, Inc.
Product-enterprise_linux_serversrx345srx5800enterprise_linux_server_eussrx110srx4000enterprise_linux_server_aussrx550_hmsrx220srx240h2srx5400srx100srx3400enterprise_linux_workstationsrx300srx550junossrx240menterprise_linux_desktopsrx210srx1500srx380srx4200srx340srx4100srx240srx3600srx5000srx1400debian_linuxsrx320data_ontap_edgesrx5600bindenterprise_linux_server_tussrx650srx4600srx550mBIND 9
CWE ID-CWE-416
Use After Free
CVE-2025-8410
Matching Score-4
Assigner-Real-Time Innovations, Inc.
ShareView Details
Matching Score-4
Assigner-Real-Time Innovations, Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.04% / 11.35%
||
7 Day CHG~0.00%
Published-23 Sep, 2025 | 17:52
Updated-16 Dec, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.

Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0.

Action-Not Available
Vendor-rtiRTI
Product-connext_professionalConnext Professional
CWE ID-CWE-416
Use After Free
CWE ID-CWE-125
Out-of-bounds Read
Details not found