Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-21T12:32:55 bind: BIND: Denial of Service via specially crafted DNS messages 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CWE-1287

Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or `HESIOD`, or DNS messages that specify meta-classes (`ANY` or `NONE`) in the question section. Specially crafted requests reaching the affected code paths — recursion, dynamic updates (`UPDATE`), zone change notifications (`NOTIFY`), or processing of `IN`-specific record types in non-`IN` data — can cause assertion failures in `named`. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1.

A flaw was found in the bind component, specifically within the `named` daemon. This vulnerability allows a remote attacker to send specially crafted Domain Name System (DNS) messages. These messages, which use unusual classes or meta-classes, can trigger assertion failures in the `named` daemon when processed. Successful exploitation leads to an application level Denial of Service (DoS), making the DNS service unavailable.

This is rated as an Important denial of service vulnerability. The `named` daemon is susceptible to crashes when processing specially crafted DNS messages that utilize non-Internet (IN) classes or meta-classes. This can lead to service unavailability if an attacker sends malicious requests targeting recursion, dynamic updates, zone change notifications, or specific record type processing. Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Red Hat Enterprise Linux 10 2026-06-08T00:00:00Z RHSA-2026:24338 bind-32:9.18.33-15.el10_2.2 Red Hat Enterprise Linux 8 2026-06-04T00:00:00Z RHSA-2026:23360 bind9.16-32:9.16.23-0.22.el8_10.6 Red Hat Enterprise Linux 8 2026-06-08T00:00:00Z RHSA-2026:24339 bind-32:9.11.36-16.el8_10.8 Red Hat Enterprise Linux 8 2026-06-08T00:00:00Z RHSA-2026:24339 bind-32:9.11.36-16.el8_10.8 Red Hat Enterprise Linux 9 2026-06-08T00:00:00Z RHSA-2026:24368 bind9.18-32:9.18.29-14.el9_8.2 Red Hat Hardened Images 2026-05-21T00:00:00Z RHSA-2026:20334 bind-main-9.18.49-1.hum1 Red Hat Enterprise Linux 6 Affected bind Red Hat Enterprise Linux 7 Affected bind Red Hat Enterprise Linux 9 Affected bind Red Hat Enterprise Linux 9 Not affected dhcp Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-5946 https://nvd.nist.gov/vuln/detail/CVE-2026-5946