Critical BIND Vulnerabilities Affect Ubuntu 25.10 Leading to Denial of Service Risks
Severity: High (Score: 70.5)
Sources: Ubuntu, Linuxsecurity
Summary
Multiple vulnerabilities in BIND have been identified, affecting Ubuntu 25.10 and its derivatives. Discovered by Samy Medjahed and Vitaly Simonovich, these issues could allow a remote attacker to cause a denial of service through excessive CPU and memory consumption. The vulnerabilities include CVE-2026-1519, which allows excessive NSEC3 iterations; CVE-2026-3104, which affects memory handling during DNSSEC proofs; and CVE-2026-3119, which can cause BIND to crash. Additionally, CVE-2026-3591 enables bypassing ACLs through improperly handled DNS queries. All vulnerabilities were published on 2026-03-25. Users are advised to update to the latest package versions to mitigate these risks.
Key Points
- Multiple critical vulnerabilities in BIND affect Ubuntu 25.10 and its derivatives.
- Remote attackers can exploit these vulnerabilities to cause denial of service.
- Immediate updates are required to mitigate the identified risks.
Key Entities
- DDoS (attack_type)
- CVE-2026-1519 (cve)
- CVE-2026-3104 (cve)
- CVE-2026-3119 (cve)
- CVE-2026-3591 (cve)
- Bind9 (platform)
- Ubuntu (company)