【Vulnerability Advisory】Significant Security Vulnerability in Internet Systems Consortium (ISC) BIND (CVE-2026-3104)

• Subject: 【Vulnerability Advisory】Significant Security Vulnerability in Internet Systems Consortium (ISC) BIND (CVE-2026-3104)

• Description:
  • Forwarded from TWCERT/CC Security Advisory: TWCERTCC-200-202604-00000001
  • Recently, the Internet Systems Consortium (ISC) released a critical security announcement for BIND (CVE-2026-3104, CVSS: 7.5). This vulnerability allows a specially crafted domain name to cause a memory leak in the BIND resolver.
• Affected Platforms:
  • BIND versions 9.20.0 to 9.20.20
  • BIND versions 9.21.0 to 9.21.19
  • BIND versions 9.20.9-S1 to 9.20.20-S1
• Recommended Actions:
  • Apply patches according to the solutions released on the official website: https://kb.isc.org/docs/cve-2026-3104
• Reference Materials:
  1. https://www.twcert.org.tw/tw/cp-169-10818-cb2ee-1.html

Computer and Communication Center
Network Systems Division