BIND 9 Resource Exhaustion Vulnerability via Malformed DNSKEY Records

Vulnerability

A resource exhaustion vulnerability has been identified in BIND 9. This issue arises when records are queried from a specially crafted zone containing certain malformed DNSKEY records, leading to CPU exhaustion. The vulnerability affects BIND 9 versions 9.18.0 prior to 9.18.39, 9.20.0 prior to 9.20.13, 9.21.0 prior to 9.21.12, as well as BIND Supported Preview Edition versions 9.18.11-S1 prior to 9.18.39-S1 and 9.20.9-S1 prior to 9.20.13-S1. While resolvers are affected by this vulnerability, authoritative services are believed to be unaffected.

Impact

Exploitation of this vulnerability can lead to significant performance degradation, causing denial-of-service conditions for legitimate clients by overwhelming the server's CPU resources.

Remediation

Users are advised to upgrade to BIND 9.18.41, 9.20.15, or 9.21.14. For BIND Supported Preview Edition, upgrade to version 9.18.41-S1 or 9.20.15-S1.
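The following version check is an added example, not part of the original advisory or ISC's tooling. It classifies a version string (for instance the output of `named -v`) against the affected ranges and advised releases listed above; it assumes "prior to" means an exclusive upper bound, and the function name, result labels and sample strings are constructed for illustration.

```python
import re

# Ranges and advised releases exactly as listed in the advisory text above.
# Assumption: "prior to X" is read as an exclusive upper bound.
# branch -> (first affected, exclusive upper bound, advised release)
OPEN_SOURCE = {
    (9, 18): ((9, 18, 0), (9, 18, 39), (9, 18, 41)),
    (9, 20): ((9, 20, 0), (9, 20, 13), (9, 20, 15)),
    (9, 21): ((9, 21, 0), (9, 21, 12), (9, 21, 14)),
}
# Supported Preview Edition builds carry an -S<n> suffix.
PREVIEW = {
    (9, 18): ((9, 18, 11), (9, 18, 39), (9, 18, 41)),
    (9, 20): ((9, 20, 9), (9, 20, 13), (9, 20, 15)),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def classify(version_text):
    """Return one of: affected, below-advised, advised-or-later,
    not-listed (branch or version outside the advisory), unparsed."""
    m = VERSION_RE.search(version_text)
    if not m:
        return "unparsed"
    ver = tuple(int(g) for g in m.group(1, 2, 3))
    table = PREVIEW if m.group(4) else OPEN_SOURCE
    entry = table.get(ver[:2])
    if entry is None:
        return "not-listed"
    first, bound, advised = entry
    if first <= ver < bound:
        return "affected"
    if ver < first:
        return "not-listed"
    # Past the listed range but older than the release the advisory recommends.
    return "below-advised" if ver < advised else "advised-or-later"


if __name__ == "__main__":
    # Constructed sample strings, shaped like version banners.
    for line in ("BIND 9.18.28 (Extended Support Version)",
                 "BIND 9.20.9-S1", "BIND 9.21.14", "BIND 9.16.50"):
        print(f"{line!r}: {classify(line)}")
```

Distribution packages often backport fixes without changing the upstream version number, so confirm an "affected" result against the vendor's package changelog.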

Added: Oct 22, 2025, 6:32 PM
Updated: Oct 22, 2025, 9:29 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.