CVE-2026-3119

{"id": "CVE-2026-3119", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security-officer@isc.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-03-25T14:16:37.097", "references": [{"url": "https://downloads.isc.org/isc/bind9/9.20.21", "tags": ["Patch"], "source": "security-officer@isc.org"}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "tags": ["Patch"], "source": "security-officer@isc.org"}, {"url": "https://kb.isc.org/docs/cve-2026-3119", "tags": ["Vendor Advisory"], "source": "security-officer@isc.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-officer@isc.org", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."}, {"lang": "es", "value": "Bajo ciertas condiciones, 'named' puede colapsar al procesar una consulta correctamente firmada que contiene un registro TKEY. El c\u00f3digo afectado solo se puede acceder si una solicitud entrante tiene una firma de transacci\u00f3n (TSIG) v\u00e1lida de una clave declarada en la configuraci\u00f3n de 'named'.\nEste problema afecta a las versiones de BIND 9 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, y 9.20.9-S1 a 9.20.20-S1.\nLas versiones de BIND 9 9.18.0 a 9.18.46 y 9.18.11-S1 a 9.18.46-S1 NO est\u00e1n afectadas."}], "lastModified": "2026-05-21T15:24:39.320", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "2C0EF5D0-68A6-4E00-985B-523D9B243E49", "versionEndExcluding": "9.20.21", "versionStartIncluding": "9.20.0"}, {"criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B", "versionEndExcluding": "9.21.20", "versionStartIncluding": "9.21.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-officer@isc.org"}