bind (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package bind, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2025-40778 — CVSS 8.6 (high): Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the…
CVE-2025-40780 — CVSS 8.6 (high): In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to…
CVE-2026-1519 — CVSS 7.5 (high): If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU…
CVE-2026-3039 — CVSS 7.5 (high): BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when…
CVE-2026-3104 — CVSS 7.5 (high): A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9…
CVE-2025-13878 — CVSS 7.5 (high): Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43…
CVE-2026-5947 — CVSS 7.5 (high): Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message…
CVE-2026-5946 — CVSS 7.5 (high): Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example…
CVE-2025-8677 — CVSS 7.5 (high): Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue…
CVE-2026-3593 — CVSS 7.4 (high): A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22…
CVE-2026-3119 — CVSS 6.5 (medium): Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only…
CVE-2026-3591 — CVSS 5.4 (medium): A use-after-return vulnerability exists in the `named` server when handling DNS queries signed with SIG(0). Using a specially-crafted DNS…
CVE-2026-3592 — CVSS 5.3 (medium): BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially…
CVE-2026-5950 — CVSS 5.3 (medium): An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote…