{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3593", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "state": "PUBLISHED", "assignerShortName": "isc", "dateReserved": "2026-03-05T12:57:16.981Z", "datePublished": "2026-05-20T13:09:47.178Z", "dateUpdated": "2026-05-20T13:40:45.166Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2026-05-20T13:09:47.178Z"}, "title": "Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation", "datePublic": "2026-05-20T00:00:00.000Z", "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"version": "9.20.0", "lessThanOrEqual": "9.20.22", "status": "affected", "versionType": "custom"}, {"version": "9.21.0", "lessThanOrEqual": "9.21.21", "status": "affected", "versionType": "custom"}, {"version": "9.20.9-S1", "lessThanOrEqual": "9.20.22-S1", "status": "affected", "versionType": "custom"}, {"version": "9.18.0", "lessThanOrEqual": "9.18.48", "status": "unaffected", "versionType": "custom"}, {"version": "9.18.11-S1", "lessThanOrEqual": "9.18.48-S1", "status": "unaffected", "versionType": "custom"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"nodes": [{"operator": "OR", "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.0", "versionEndIncluding": "9.20.22"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.21.0", "versionEndIncluding": "9.21.21"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.20.9-S1", "versionEndIncluding": "9.20.22-S1"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.0", "versionEndIncluding": "9.18.48"}, {"vulnerable": false, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.18.11-S1", "versionEndIncluding": "9.18.48-S1"}]}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 7.4, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption."}]}], "workarounds": [{"lang": "en", "value": "Configurations not using DNS-over-HTTPS should not be affected. Disabling DNS-over-HTTPS is likewise an effective workaround."}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."}], "credits": [{"lang": "en", "value": "ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention."}], "references": [{"url": "https://kb.isc.org/docs/cve-2026-3593", "name": "CVE-2026-3593", "tags": ["vendor-advisory"]}, {"url": "https://downloads.isc.org/isc/bind9/9.20.23", "tags": ["patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.22", "tags": ["patch"]}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-20T13:40:34.896109Z", "id": "CVE-2026-3593", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-20T13:40:45.166Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3593", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-20T13:40:34.896109Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-20T13:40:40.119Z"}}], "cna": {"title": "Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption."}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "ISC", "product": "BIND 9", "versions": [{"status": "affected", "version": "9.20.0", "versionType": "custom", "lessThanOrEqual": "9.20.22"}, {"status": "affected", "version": "9.21.0", "versionType": "custom", "lessThanOrEqual": "9.21.21"}, {"status": "affected", "version": "9.20.9-S1", "versionType": "custom", "lessThanOrEqual": "9.20.22-S1"}, {"status": "unaffected", "version": "9.18.0", "versionType": "custom", "lessThanOrEqual": "9.18.48"}, {"status": "unaffected", "version": "9.18.11-S1", "versionType": "custom", "lessThanOrEqual": "9.18.48-S1"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "We are not aware of any active exploits."}], "solutions": [{"lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."}], "datePublic": "2026-05-20T00:00:00.000Z", "references": [{"url": "https://kb.isc.org/docs/cve-2026-3593", "name": "CVE-2026-3593", "tags": ["vendor-advisory"]}, {"url": "https://downloads.isc.org/isc/bind9/9.20.23", "tags": ["patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.22", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "Configurations not using DNS-over-HTTPS should not be affected. Disabling DNS-over-HTTPS is likewise an effective workaround."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "9.20.22", "versionStartIncluding": "9.20.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "9.21.21", "versionStartIncluding": "9.21.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "9.20.22-S1", "versionStartIncluding": "9.20.9-S1"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": false, "versionEndIncluding": "9.18.48", "versionStartIncluding": "9.18.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "vulnerable": false, "versionEndIncluding": "9.18.48-S1", "versionStartIncluding": "9.18.11-S1"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc", "dateUpdated": "2026-05-20T13:09:47.178Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3593", "state": "PUBLISHED", "dateUpdated": "2026-05-20T13:40:45.166Z", "dateReserved": "2026-03-05T12:57:16.981Z", "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "datePublished": "2026-05-20T13:09:47.178Z", "assignerShortName": "isc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "D92461F1-BA01-479E-B740-38855CC216E6", "versionEndExcluding": "9.20.23", "versionStartIncluding": "9.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "B254E8E7-3F57-4552-ACBF-623FA481B697", "versionEndExcluding": "9.21.22", "versionStartIncluding": "9.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."}], "id": "CVE-2026-3593", "lastModified": "2026-05-21T15:24:31.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "security-officer@isc.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-05-20T13:16:23.923", "references": [{"source": "security-officer@isc.org", "tags": ["Patch"], "url": "https://downloads.isc.org/isc/bind9/9.20.23"}, {"source": "security-officer@isc.org", "tags": ["Patch"], "url": "https://downloads.isc.org/isc/bind9/9.21.22"}, {"source": "security-officer@isc.org", "tags": ["Vendor Advisory"], "url": "https://kb.isc.org/docs/cve-2026-3593"}], "sourceIdentifier": "security-officer@isc.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "security-officer@isc.org", "type": "Secondary"}]}

{"bugzilla": {"description": "bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation", "id": "2479770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2479770"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-825", "details": ["A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote attacker could send specially crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint, leading to a use-after-free vulnerability. This could trigger memory corruption, potentially allowing the attacker to cause a denial of service or, in some cases, execute arbitrary code."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-3593", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "bind9.16", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "bind9.18", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dhcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "bind", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-05-21T11:59:02Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-3593\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-3593"], "statement": "Important: A heap use-after-free vulnerability in BIND's DNS-over-HTTPS implementation allows a remote attacker to trigger memory corruption by sending crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint. This affects both authoritative servers and resolvers configured to use DNS-over-HTTPS, potentially leading to denial of service or other impacts.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.20.0,9.20.22]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.21.0,9.21.21]"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[9.20.9-S1,9.20.22-S1]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[9.18.0,9.18.48]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[9.18.11-S1,9.18.48-S1]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "BIND 9", "source": "cna", "vendor": "ISC"}, "product": "bind", "vendor": "isc"}], "created": "2026-05-20T14:45:32.459318+00:00", "updated": "2026-05-22T03:00:12.320451+00:00", "vendors": ["isc", "isc$PRODUCT$bind"]}