BIND 9 Unbounded Resend Loop Vulnerability Causes Resource Exhaustion

Vulnerability

A vulnerability allowing an unbounded resend loop has been identified in the BIND 9 resolver state machine. The issue arises during the handling of problematic servers: a remote, unauthenticated attacker can send queries that trigger specific retry conditions, leading to severe resource exhaustion. The vulnerability affects BIND 9 versions from 9.18.36 up to (but not including) 9.18.49, from 9.20.8 up to (but not including) 9.20.23, and from 9.21.7 up to (but not including) 9.21.22, as well as BIND 9 Supported Preview Edition versions from 9.18.36-S1 up to (but not including) 9.18.49-S1 and from 9.20.9-S1 up to (but not including) 9.20.22-S1.

Impact

Exploitation of this vulnerability causes significant resource exhaustion on the affected resolver, which can lead to degraded performance or unresponsiveness.

Remediation

Users are advised to upgrade to BIND 9.18.49, 9.20.23, or 9.21.22. For those using BIND 9 Supported Preview Edition, upgrade to version 9.18.49-S1 or 9.20.23-S1.
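To triage a fleet against these ranges, the following added example (not code from ISC or from this advisory) classifies a version string such as the output of `named -v`. The function names and sample lines are constructed for illustration. As an assumption, the 9.20 Preview Edition upper bound uses the fixed release named under Remediation (9.20.23-S1) rather than the 9.20.22-S1 bound in the Vulnerability text, so the check errs toward flagging.

```python
import re

# (first affected, first fixed) per release branch, taken from this advisory.
AFFECTED = {
    (9, 18): ((9, 18, 36), (9, 18, 49)),
    (9, 20): ((9, 20, 8), (9, 20, 23)),
    (9, 21): ((9, 21, 7), (9, 21, 22)),
}
# Supported Preview Edition (-S) builds are tracked separately.
# Assumption: the 9.20 upper bound is the fixed release from the Remediation
# section (9.20.23-S1), which is the more conservative of the two bounds given.
AFFECTED_S = {
    (9, 18): ((9, 18, 36), (9, 18, 49)),
    (9, 20): ((9, 20, 9), (9, 20, 23)),
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-S\d+)?")


def parse_version(text):
    """Return ((major, minor, patch), is_preview_edition) from a version string."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no BIND version found in {text!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None


def is_affected(text):
    """True if the version falls inside a range this advisory lists.

    False means "not listed here", which includes branches the advisory
    does not mention at all.
    """
    version, preview = parse_version(text)
    bounds = (AFFECTED_S if preview else AFFECTED).get(version[:2])
    if bounds is None:
        return False
    first_affected, first_fixed = bounds
    return first_affected <= version < first_fixed


if __name__ == "__main__":
    # Constructed sample lines in the style of `named -v` output.
    samples = [
        "BIND 9.18.40 (Extended Support Version) <id:0000000>",
        "BIND 9.20.23 (Stable Release) <id:0000000>",
        "BIND 9.20.12-S1 (Stable Release) <id:0000000>",
    ]
    for line in samples:
        print("AFFECTED" if is_affected(line) else "not listed", "-", line)
```
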

Added: May 20, 2026, 1:19 PM
Updated: May 20, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm
spread: 7.3
impact: 2.5
exploitability: 7.3
remediation: 7.7
relevance: 8.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.