ISC BIND 9 SIG(0) Handling Use-After-Return Vulnerability Leading to ACL Bypass

Vulnerability

A use-after-return vulnerability has been identified in the ISC BIND 9 DNS server, specifically in versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. This vulnerability occurs when the server processes DNS queries signed with SIG(0). An attacker can exploit this flaw by sending a specially-crafted DNS request that causes an Access Control List (ACL) to incorrectly match an IP address. In environments using a default-allow ACL, this could result in unauthorized access. Authoritative servers and resolvers are both affected by this vulnerability.

Impact

Exploitation of this vulnerability can lead to an ACL improperly matching an IP address, potentially allowing unauthorized access in default-allow ACL configurations.

Remediation

Users can upgrade to BIND 9.20.21, 9.21.20, or 9.20.21-S1 to address this vulnerability.
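To decide whether a deployed named falls inside the affected ranges listed above, the following added helper (not ISC code) parses a `named -v` banner and compares it against those ranges; the banner formats and the `-S1` suffix for the Subscription Edition are assumptions about how named prints its version.

```python
import re
import subprocess

# Affected ranges from the advisory, inclusive, keyed by edition suffix
# ("" for the standard release, "S1" for the Subscription Edition).
AFFECTED = {
    "": [((9, 20, 0), (9, 20, 20)), ((9, 21, 0), (9, 21, 19))],
    "S1": [((9, 20, 9), (9, 20, 20))],
}
# First fixed release per (edition, minor stream), also from the advisory.
FIXED = {("", 20): "9.20.21", ("", 21): "9.21.20", ("S1", 20): "9.20.21-S1"}

# Assumed banner shape: "BIND 9.20.15 (Stable Release) ..." or "BIND 9.20.12-S1 ..."
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:-(S1))?\b")


def parse_version(banner):
    """Return (major, minor, patch, edition) from a version banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4) or "")


def is_affected(banner):
    """Return (affected, first_fixed_version_or_None) for a version banner."""
    parsed = parse_version(banner)
    if parsed is None:
        raise ValueError("no BIND version found in: %r" % banner)
    major, minor, patch, edition = parsed
    ver = (major, minor, patch)
    for low, high in AFFECTED.get(edition, []):
        if low <= ver <= high:
            return True, FIXED.get((edition, minor))
    return False, None


def check_installed():
    """Run `named -v` on this host and report; None if named is not installed."""
    try:
        out = subprocess.run(["named", "-v"], capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return is_affected(out.stdout or out.stderr)


if __name__ == "__main__":
    print(check_installed())
```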

Added: Mar 25, 2026, 2:19 PM
Updated: Mar 25, 2026, 2:19 PM

Vulnerability Rating

Custom Algorithm

spread: 7.3
impact: 1.3
exploitability: 8.1
remediation: 7.7
relevance: 4.6
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.