PT-2026-27770 · Isc+4 · Bind+4

Bastien Roucariès

·

Published

2026-01-01

·

Updated

2026-05-21

·

CVE-2026-1519

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions BIND versions 9.11.0 through 9.16.50 BIND versions 9.18.0 through 9.18.46 BIND versions 9.20.0 through 9.20.20 BIND versions 9.21.0 through 9.21.19 BIND versions 9.11.3-S1 through 9.16.50-S1 BIND versions 9.18.11-S1 through 9.18.46-S1 BIND versions 9.20.9-S1 through 9.20.20-S1
Description A maliciously crafted DNS zone can cause excessive CPU consumption in a BIND resolver performing DNSSEC validation. Authoritative-only servers are generally not affected, but may be vulnerable if they make recursive queries.
Recommendations Update BIND to a version beyond 9.16.50. Update BIND to a version beyond 9.18.46. Update BIND to a version beyond 9.20.20. Update BIND to a version beyond 9.21.19. Update BIND to a version beyond 9.16.50-S1. Update BIND to a version beyond 9.18.46-S1. Update BIND to a version beyond 9.20.20-S1.

Fix

DoS

Weakness Enumeration

CWE-606

Related Identifiers

ALSA-2026:7915
ALSA-2026:8075
ALSA-2026:8155
ALSA-2026:8312
ALSA-2026:8352
CVE-2026-1519
MGASA-2026-0152
OESA-2026-2058
OESA-2026-2059
OESA-2026-2060
OESA-2026-2061
OESA-2026-2062
OPENSUSE-SU-2026:10448-1
OPENSUSE-SU-2026:20550-1
RHSA-2026:11371
RHSA-2026:11372
RHSA-2026:15890
RHSA-2026:16060
RHSA-2026:16064
RHSA-2026:6935
RHSA-2026:7915
RHSA-2026:8075
RHSA-2026:8155
RHSA-2026:8312
RHSA-2026:8352
SUSE-SU-2026:1209-1
SUSE-SU-2026:1229-1
SUSE-SU-2026:1230-1
SUSE-SU-2026:1312-1
SUSE-SU-2026:1351-1
SUSE-SU-2026:1366-1
SUSE-SU-2026:1428-1
SUSE-SU-2026:21204-1
USN-8124-1

Affected Products

Bind
Bind Server
Linuxmint
Rocky Linux
Ubuntu