【Vulnerability Advisory】Significant Security Vulnerability in Internet Systems Consortium (ISC) BIND (CVE-2026-3104)

Post Date: 2026/04/28

Subject: 【Vulnerability Advisory】Significant Security Vulnerability in Internet Systems Consortium (ISC) BIND (CVE-2026-3104)

Description:
- Forwarded from TWCERT/CC Security Advisory: TWCERTCC-200-202604-00000001
- Recently, the Internet Systems Consortium (ISC) released a critical security announcement for BIND (CVE-2026-3104, CVSS: 7.5). This vulnerability allows a specially crafted domain name to cause a memory leak in the BIND resolver.
Affected Platforms:
- BIND versions 9.20.0 to 9.20.20
- BIND versions 9.21.0 to 9.21.19
- BIND versions 9.20.9-S1 to 9.20.20-S1
Recommended Actions:
- Apply patches according to the solutions released on the official website: https://kb.isc.org/docs/cve-2026-3104
Reference Materials:
1. https://www.twcert.org.tw/tw/cp-169-10818-cb2ee-1.html

Computer and Communication Center
Network Systems Division