Vulnerability Description
Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Isc | Bind | >= 9.20.0, < 9.20.23 |
Related Weaknesses (CWE)
References
- https://downloads.isc.org/isc/bind9/9.20.23Patch
- https://downloads.isc.org/isc/bind9/9.21.22Patch
- https://kb.isc.org/docs/cve-2026-5947Vendor Advisory
FAQ
What is CVE-2026-5947?
CVE-2026-5947 is a vulnerability with a CVSS score of 7.5 (HIGH). Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. I...
How severe is CVE-2026-5947?
CVE-2026-5947 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-5947?
Check the references section above for vendor advisories and patch information. Affected products include: Isc Bind.