Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Summary
| CVE | CVE-2026-3593 |
|---|---|
| State | PUBLISHED |
| Assigner | isc |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-20 13:16:23 UTC |
| Updated | 2026-07-15 02:21:01 UTC |
| Description | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected. |
Risk And Classification
Primary CVSS: v3.1 9.8 CRITICAL from [email protected]
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.000380000 probability, percentile 0.115460000 (date 2026-05-27)
Problem Types: CWE-416 | CWE-825 | CWE-416 CWE-416 Use After Free | CWE-825 Expired Pointer Dereference
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Primary | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | ADP | CVSS | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| 3.1 | [email protected] | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| 3.1 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | Secondary | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| 3.1 | CNA | DECLARED | 7.4 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
CVSS v3.1 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | ISC | BIND 9 | affected 9.20.0 9.20.22 custom | Not specified |
| CNA | ISC | BIND 9 | affected 9.21.0 9.21.21 custom | Not specified |
| CNA | ISC | BIND 9 | affected 9.20.9-S1 9.20.22-S1 custom | Not specified |
| CNA | ISC | BIND 9 | unaffected 9.18.0 9.18.48 custom | Not specified |
| CNA | ISC | BIND 9 | unaffected 9.18.11-S1 9.18.48-S1 custom | Not specified |
| ADP | Red Hat | Red Hat Hardened Images | unaffected 9.18.48-1.1.hum1 * rpm | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 10 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 6 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 7 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 8 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat Enterprise Linux 9 | Not specified | Not specified |
| ADP | Red Hat | Red Hat OpenShift Container Platform 4 | Not specified | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| downloads.isc.org/isc/bind9/9.21.22 | [email protected] | downloads.isc.org | Patch |
| security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3593.json | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | security.access.redhat.com | |
| downloads.isc.org/isc/bind9/9.20.23 | [email protected] | downloads.isc.org | Patch |
| access.redhat.com/errata/RHSA-2026:7412 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| kb.isc.org/docs/cve-2026-3593 | [email protected] | kb.isc.org | Vendor Advisory |
| access.redhat.com/security/cve/CVE-2026-3593 | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | access.redhat.com | |
| bugzilla.redhat.com/show_bug.cgi | 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention. (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-05-19T09:55:25.800Z | Reported to Red Hat. |
| ADP | 2026-05-21T11:59:02.348Z | Made public. |
Solutions
CNA: Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1.
ADP: RHSA-2026:7412: Red Hat Hardened Images
Workarounds
CNA: Configurations not using DNS-over-HTTPS should not be affected. Disabling DNS-over-HTTPS is likewise an effective workaround.
ADP: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Exploits
CNA: We are not aware of any active exploits.