CVE-2026-3593 (GCVE-0-2026-3593)
Vulnerability from cvelistv5 – Published: 2026-05-20 13:09 – Updated: 2026-06-30 12:09
VLAI?
Title
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
Summary
A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.
This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.
BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected.
Severity ?
7.4 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
Credits
ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3593",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T13:40:34.896109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T13:40:45.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-21T11:59:02.348Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote attacker could send specially crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint, leading to a use-after-free vulnerability. This could trigger memory corruption, potentially allowing the attacker to cause a denial of service or, in some cases, execute arbitrary code."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:09:24.891Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-3593"
},
{
"name": "RHBZ#2479770",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479770"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3593.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:7412"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:7412: Red Hat Hardened Images"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-19T09:55:25.800Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-21T11:59:02.348Z",
"value": "Made public."
}
],
"title": "bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.20.22",
"status": "affected",
"version": "9.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.21.21",
"status": "affected",
"version": "9.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.20.22-S1",
"status": "affected",
"version": "9.20.9-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.48",
"status": "unaffected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.48-S1",
"status": "unaffected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.22",
"versionStartIncluding": "9.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.21.21",
"versionStartIncluding": "9.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.20.22-S1",
"versionStartIncluding": "9.20.9-S1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.48",
"versionStartIncluding": "9.18.0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
"versionEndIncluding": "9.18.48-S1",
"versionStartIncluding": "9.18.11-S1",
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention."
}
],
"datePublic": "2026-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T13:09:47.178Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2026-3593",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2026-3593"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.20.23"
},
{
"tags": [
"patch"
],
"url": "https://downloads.isc.org/isc/bind9/9.21.22"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation",
"workarounds": [
{
"lang": "en",
"value": "Configurations not using DNS-over-HTTPS should not be affected. Disabling DNS-over-HTTPS is likewise an effective workaround."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2026-3593",
"datePublished": "2026-05-20T13:09:47.178Z",
"dateReserved": "2026-03-05T12:57:16.981Z",
"dateUpdated": "2026-06-30T12:09:24.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…