Bug 2479767 (CVE-2026-3039) - CVE-2026-3039 bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation
Summary: CVE-2026-3039 bind: BIND 9 server memory exhaustion during GSS-API TKEY negot...
Keywords:
Status: NEW
Alias: CVE-2026-3039
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2480121 2481337 2481339
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-19 09:49 UTC by OSIDB Bzimport
Modified: 2026-06-08 15:10 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2026:24375 0 None None None 2026-06-08 09:22:25 UTC
Red Hat Product Errata RHBA-2026:24517 0 None None None 2026-06-08 15:10:39 UTC
Red Hat Product Errata RHSA-2026:23360 0 None None None 2026-06-04 15:11:14 UTC
Red Hat Product Errata RHSA-2026:24338 0 None None None 2026-06-08 02:55:08 UTC
Red Hat Product Errata RHSA-2026:24339 0 None None None 2026-06-08 02:53:48 UTC
Red Hat Product Errata RHSA-2026:24367 0 None None None 2026-06-08 09:36:44 UTC
Red Hat Product Errata RHSA-2026:24368 0 None None None 2026-06-08 10:48:11 UTC

Description OSIDB Bzimport 2026-05-19 09:49:46 UTC
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or Kerberos-secured DNS environments.

Comment 2 errata-xmlrpc 2026-06-04 15:11:13 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:23360 https://access.redhat.com/errata/RHSA-2026:23360

Comment 3 errata-xmlrpc 2026-06-08 02:53:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:24339 https://access.redhat.com/errata/RHSA-2026:24339

Comment 4 errata-xmlrpc 2026-06-08 02:55:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:24338 https://access.redhat.com/errata/RHSA-2026:24338

Comment 5 errata-xmlrpc 2026-06-08 09:36:43 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:24367 https://access.redhat.com/errata/RHSA-2026:24367

Comment 6 errata-xmlrpc 2026-06-08 10:48:10 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:24368 https://access.redhat.com/errata/RHSA-2026:24368


Note You need to log in before you can comment on or make changes to this bug.