rpms/bind - bind - AlmaLinux OS Foundation Git Server

rpms/bind

Fork 1

Commit Graph

Author	SHA1	Message	Date
Petr Menšík	f523ee34fd	[9.11] [CVE-2026-1519] sec: usr: Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations DNSSEC-signed zones may contain high iteration-count NSEC3 records, which prove that certain delegations are insecure. Previously, a validating resolver encountering such a delegation processed these iterations up to the number given, which could be a maximum of 65,535. This has been addressed by introducing a processing limit, set at 150. Now, if such an NSEC3 record is encountered, the delegation will be treated as insecure. ISC would like to thank Samy Medjahed/Ap4sh for bringing this vulnerability to our attention. Closes isc-projects/bind9#5708 Backport of MR !935 Resolves-Vulnerability: CVE-2026-1519 Resolves: RHEL-160106	2026-03-30 13:18:56 +02:00

Author

SHA1

Message

Date

Petr Menšík

f523ee34fd

[9.11] [CVE-2026-1519] sec: usr: Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations

DNSSEC-signed zones may contain high iteration-count NSEC3 records,
which prove that certain delegations are insecure. Previously, a
validating resolver encountering such a delegation processed these
iterations up to the number given, which could be a maximum of 65,535.
This has been addressed by introducing a processing limit, set at 150.
Now, if such an NSEC3 record is encountered, the delegation will be
treated as insecure.

ISC would like to thank Samy Medjahed/Ap4sh for bringing this
vulnerability to our attention.

Closes isc-projects/bind9#5708

Backport of MR !935

Resolves-Vulnerability: CVE-2026-1519
Resolves: RHEL-160106

2026-03-30 13:18:56 +02:00

1 Commits