{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-3593","assignerOrgId":"404fd4d2-a609-4245-b543-2c944a302a22","state":"PUBLISHED","assignerShortName":"isc","dateReserved":"2026-03-05T12:57:16.981Z","datePublished":"2026-05-20T13:09:47.178Z","dateUpdated":"2026-06-30T12:09:24.891Z"},"containers":{"cna":{"providerMetadata":{"orgId":"404fd4d2-a609-4245-b543-2c944a302a22","shortName":"isc","dateUpdated":"2026-05-20T13:09:47.178Z"},"title":"Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation","datePublic":"2026-05-20T00:00:00.000Z","affected":[{"vendor":"ISC","product":"BIND 9","versions":[{"version":"9.20.0","lessThanOrEqual":"9.20.22","status":"affected","versionType":"custom"},{"version":"9.21.0","lessThanOrEqual":"9.21.21","status":"affected","versionType":"custom"},{"version":"9.20.9-S1","lessThanOrEqual":"9.20.22-S1","status":"affected","versionType":"custom"},{"version":"9.18.0","lessThanOrEqual":"9.18.48","status":"unaffected","versionType":"custom"},{"version":"9.18.11-S1","lessThanOrEqual":"9.18.48-S1","status":"unaffected","versionType":"custom"}],"defaultStatus":"unaffected"}],"cpeApplicability":[{"nodes":[{"operator":"OR","cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.0","versionEndIncluding":"9.20.22"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.21.0","versionEndIncluding":"9.21.21"},{"vulnerable":true,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.20.9-S1","versionEndIncluding":"9.20.22-S1"},{"vulnerable":false,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.0","versionEndIncluding":"9.18.48"},{"vulnerable":false,"criteria":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","versionStartIncluding":"9.18.11-S1","versionEndIncluding":"9.18.48-S1"}]}]}],"metrics":[{"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":7.4,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","type":"CWE","cweId":"CWE-416","description":"CWE-416 Use After Free"}]}],"descriptions":[{"lang":"en","value":"A use-after-free vulnerability exists within the DNS-over-HTTPS implementation.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1.\nBIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected."}],"impacts":[{"descriptions":[{"lang":"en","value":"Crafted HTTP/2 traffic sent to a DNS-over-HTTPS endpoint can be used to trigger memory corruption."}]}],"workarounds":[{"lang":"en","value":"Configurations not using DNS-over-HTTPS should not be affected.  Disabling DNS-over-HTTPS is likewise an effective workaround."}],"exploits":[{"lang":"en","value":"We are not aware of any active exploits."}],"solutions":[{"lang":"en","value":"Upgrade to the patched release most closely related to your current version of BIND 9: 9.20.23, 9.21.22, or 9.20.23-S1."}],"credits":[{"lang":"en","value":"ISC would like to thank Naresh Kandula Parmar (Nottiboy) for bringing this vulnerability to our attention."}],"references":[{"url":"https://kb.isc.org/docs/cve-2026-3593","name":"CVE-2026-3593","tags":["vendor-advisory"]},{"url":"https://downloads.isc.org/isc/bind9/9.20.23","tags":["patch"]},{"url":"https://downloads.isc.org/isc/bind9/9.21.22","tags":["patch"]}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"cvelib 1.8.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-20T13:40:34.896109Z","id":"CVE-2026-3593","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-20T13:40:45.166Z"}},{"affected":[{"cpes":["cpe:/a:redhat:hummingbird:1"],"defaultStatus":"affected","product":"Red Hat Hardened Images","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:6"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 6","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:7"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"}],"datePublic":"2026-05-21T11:59:02.348Z","descriptions":[{"lang":"en","value":"A flaw was found in the BIND (Berkeley Internet Name Domain) DNS-over-HTTPS implementation. A remote attacker could send specially crafted HTTP/2 traffic to a DNS-over-HTTPS endpoint, leading to a use-after-free vulnerability. This could trigger memory corruption, potentially allowing the attacker to cause a denial of service or, in some cases, execute arbitrary code."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-825","description":"Expired Pointer Dereference","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-3593"},{"name":"RHBZ#2479770","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479770"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-3593.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:7412"}],"solutions":[{"lang":"en","value":"RHSA-2026:7412: Red Hat Hardened Images"}],"timeline":[{"lang":"en","time":"2026-05-19T09:55:25.800Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-05-21T11:59:02.348Z","value":"Made public."}],"title":"bind: Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:09:24.891Z"}}]}}