ISC BIND
- >= 9.20.0, <= 9.20.22
- >= 9.21.0, <= 9.21.21
- >= 9.20.9-S1, <= 9.20.22-S1
A race condition in ISC BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1 can cause undefined behavior due to a use-after-free violation. When BIND receives a DNS message signed with SIG(0), it validates the signature. If the 'recursive-clients' limit is reached during this process, the message may be discarded. This creates a brief window where the validation can attempt to read the discarded message, leading to potential memory corruption.
Exploitation of this vulnerability can cause the BIND process to abort with a segmentation violation or similar error. However, if the memory from the discarded message has not been reused, the validation might proceed normally, potentially allowing for a more subtle form of exploitation.
Users can upgrade to BIND 9.20.23, 9.21.22, or 9.20.23-S1 to address this vulnerability.
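A version check against the affected ranges listed above, as an added example that is not ISC's or this page's own code. The function names and the sample banner strings are assumptions constructed for illustration; the ranges are the ones stated on this page.

```python
import re

# Affected ranges as listed on this page, inclusive on both ends.
OPEN_SOURCE_RANGES = [((9, 20, 0), (9, 20, 22)), ((9, 21, 0), (9, 21, 21))]
PREVIEW_RANGES = [((9, 20, 9), (9, 20, 22))]  # builds carrying an -S<n> suffix

# Matches "9.20.15" or "9.20.15-S1" anywhere in a string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_preview) from a version string or banner."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None


def is_listed_affected(text):
    """True if the version falls inside a range this page lists as affected.

    False means "not in a listed range", which covers both the fixed
    releases and versions the page does not mention at all.
    """
    version, is_preview = parse_version(text)
    ranges = PREVIEW_RANGES if is_preview else OPEN_SOURCE_RANGES
    return any(lo <= version <= hi for lo, hi in ranges)


if __name__ == "__main__":
    # Constructed sample inputs, not output captured from real servers.
    samples = [
        "BIND 9.20.15 (Stable Release)",
        "9.20.22-S1",
        "9.20.23",
        "9.21.22",
        "9.20.23-S1",
    ]
    for s in samples:
        state = "AFFECTED" if is_listed_affected(s) else "not in listed range"
        print(f"{s:32} {state}")
```

The -S suffix is checked separately because the page gives those builds their own lower bound (9.20.9-S1), so a plain numeric comparison against the 9.20.x range would misclassify earlier -S builds.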