ISC BIND
- >= 9.11.0, <= 9.16.50
- >= 9.18.0, <= 9.18.48
- >= 9.20.0, <= 9.20.22
- >= 9.21.0, <= 9.21.21
- >= 9.11.3-S1, <= 9.16.50-S1
- >= 9.18.11-S1, <= 9.18.48-S1
- >= 9.20.9-S1, <= 9.20.22-S1
A vulnerability exists in ISC BIND 9 resolvers that allows an amplified resource-consumption and exhaustion attack. When a victim resolver queries a specially crafted zone, resolving it consumes a disproportionate amount of the resolver's resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and the BIND Supported Preview Edition in the equivalent version ranges listed above.
Exploitation of this vulnerability can cause excessive bandwidth consumption while resolving names and may lead to TCP-related problems. The issue primarily affects recursive resolvers. Authoritative-only servers serving only trusted zones should remain unaffected, unless they can be induced to query an attacker-controlled domain on behalf of an untrusted source.
Users can upgrade to BIND 9.18.49, 9.20.23, or 9.21.22. For BIND Supported Preview Edition, upgrade to version 9.18.49-S1, 9.20.23-S1, or 9.21.22-S1.
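The following is an added example, not part of the advisory or of ISC's own tooling: a small Python check that takes the version banner printed by `named -v` (or a bare version string) and reports whether it falls inside one of the affected ranges listed above, distinguishing the Supported Preview Edition by its `-S<n>` suffix. The range and fixed-release tables are copied from this page; the banner strings in `main()` are constructed for the demonstration.

```python
import re
from typing import List, Tuple

Version = Tuple[int, int, int]

# Inclusive affected ranges, copied from the advisory, keyed by edition.
# "preview" is the BIND Supported Preview Edition, whose versions carry an "-S<n>" suffix.
AFFECTED_RANGES = {
    "standard": [
        ((9, 11, 0), (9, 16, 50)),
        ((9, 18, 0), (9, 18, 48)),
        ((9, 20, 0), (9, 20, 22)),
        ((9, 21, 0), (9, 21, 21)),
    ],
    "preview": [
        ((9, 11, 3), (9, 16, 50)),
        ((9, 18, 11), (9, 18, 48)),
        ((9, 20, 9), (9, 20, 22)),
    ],
}

# First fixed releases per maintained branch, as stated in the advisory.
FIXED_RELEASES = {
    "standard": ["9.18.49", "9.20.23", "9.21.22"],
    "preview": ["9.18.49-S1", "9.20.23-S1", "9.21.22-S1"],
}

# Matches "9.18.48" or "9.18.48-S1" inside a banner such as
# "BIND 9.18.48 (Extended Support Version) <id:...>". The lookbehind stops
# the match from starting in the middle of a longer dotted number.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_bind_version(banner: str) -> Tuple[Version, str]:
    """Return ((major, minor, patch), edition) from a `named -v` banner or bare version."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError(f"no BIND version found in {banner!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    edition = "preview" if m.group(4) else "standard"
    return version, edition


def is_affected(banner: str) -> bool:
    """True if the version lies inside one of the advisory's ranges for its edition."""
    version, edition = parse_bind_version(banner)
    # Tuple comparison is lexicographic, so (9, 11, 0) <= (9, 16, 50) holds as expected.
    return any(low <= version <= high for low, high in AFFECTED_RANGES[edition])


def assess(banner: str) -> str:
    """One-line verdict for an inventory report, naming the fixed releases when affected."""
    version, edition = parse_bind_version(banner)
    shown = ".".join(map(str, version))
    if edition == "preview":
        shown += " (Supported Preview Edition)"
    if is_affected(banner):
        return f"{shown}: AFFECTED, upgrade to one of {', '.join(FIXED_RELEASES[edition])}"
    return f"{shown}: not in an affected range"


def assess_inventory(banners: List[str]) -> List[str]:
    """Apply assess() to every banner collected from a fleet of resolvers."""
    return [assess(b) for b in banners]


def main() -> None:
    # Constructed sample banners in the shape `named -v` prints; not real hosts.
    inventory = [
        "BIND 9.18.48 (Extended Support Version) <id:constructed>",
        "BIND 9.18.49 (Extended Support Version) <id:constructed>",
        "BIND 9.20.22-S1 (Supported Preview Version) <id:constructed>",
        "BIND 9.17.5 (Development Release) <id:constructed>",
    ]
    for line in assess_inventory(inventory):
        print(line)


if __name__ == "__main__":
    main()
```

Two caveats when using this against real hosts: distribution packages frequently backport security fixes without changing the upstream version string, so a match here is a prompt to check the vendor's changelog or security tracker rather than a verdict; and, per the advisory, the exposure is the recursive path, so a hit on a server that runs with recursion disabled is lower priority than one on an open or internal resolver.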