UBUNTU-CVE-2026-3593

HIGH7.4

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

Published May 20, 2026

Modified Yesterday

Details

Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation

Affected Packages

isc-dhcp

Ubuntu 18.04 LTS

Affected versions:

4.3.5-3ubuntu24.3.5-3ubuntu34.3.5-3ubuntu44.3.5-3ubuntu54.3.5-3ubuntu64.3.5-3ubuntu74.3.5-3ubuntu7.14.3.5-3ubuntu7.24.3.5-3ubuntu7.34.3.5-3ubuntu7.4

bind9-libs

Ubuntu 20.04 LTS

Affected versions:

1:9.11.16+dfsg-3~build11:9.11.16+dfsg-3~ubuntu1

bind9-libs

Ubuntu 22.04 LTS

Affected versions:

1:9.11.19+dfsg-2.1ubuntu11:9.11.19+dfsg-2.1ubuntu21:9.11.19+dfsg-2.1ubuntu3

isc-dhcp

Ubuntu 24.04 LTS

Affected versions:

4.4.3-P1-2ubuntu54.4.3-P1-4ubuntu14.4.3-P1-4ubuntu2

bind9

Ubuntu 25.10

Affected versions:

1:9.20.10-1ubuntu11:9.20.11-1ubuntu11:9.20.11-1ubuntu21:9.20.11-1ubuntu2.11:9.20.11-1ubuntu2.21:9.20.4-3ubuntu11:9.20.4-3ubuntu21:9.20.4-3ubuntu31:9.20.9-2ubuntu1

isc-dhcp

Ubuntu 25.10Ubuntu 26.04 LTS

Affected versions:

4.4.3-P1-4ubuntu2

bind9

Ubuntu 26.04 LTS

Affected versions:

1:9.20.11-1ubuntu21:9.20.11-1ubuntu31:9.20.18-1ubuntu11:9.20.18-1ubuntu2

References

REPORT

https://kb.isc.org/docs/cve-2026-3593

REPORT