bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation

A flaw was found in BIND. A remote attacker can exploit this vulnerability by sending maliciously-constructed packets to BIND servers configured for TKEY-based authentication via GSS-API Generic Security Service Application Program Interface tokens. This can lead to excessive memory consumption,...

RLSA-2026:23360 Important: bind9.16 security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

BIND 9 server memory exhaustion during GSS-API TKEY negotiation

...

CVE-2026-3039

A flaw was found in BIND. A remote attacker can exploit this vulnerability by sending maliciously-constructed packets to BIND servers configured for TKEY-based authentication via GSS-API Generic Security Service Application Program Interface tokens. This can lead to excessive memory consumption,...

EUVD-2026-26071

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a targ...

EUVD-2026-15411

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

CVE-2026-3119

Under certain conditions, named may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature TSIG from a key declared in the named configuration. This issue affects BIND 9 versions 9.20....

BIND TKEY Query Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BIND TKEY Query Denial of Service', 'Description' = %q This module sends a malformed TKEY query, which exploits an error in handling TKEY queries...

Monero Public Chain Has Logic Flaw Vulnerability

Monero is a cryptocurrency designed to protect transaction privacy. The vulnerability stems from the fact that transferring 1 XMR to an exchange with a duplicate TX pub key will show up as a 2 XMR deposit, which an attacker can then withdraw from the exchange's wallet.An attacker may be able to...

bind: TKEY query handling flaw leading to denial of service

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet...

bind: TKEY query handling flaw leading to denial of service

A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named functioning as an authoritative DNS server or a DNS resolver exit unexpectedly with an assertion failure via a specially crafted DNS request packet...

USN-2693-1 bind9 vulnerabilities

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. CVE-2015-5477 Pories Ediansyah discovered that Bind incorrectly handled certain...