dns denial of service
About this tag
The dns denial of service tag covers vulnerabilities in DNS resolver software such as Unbound and ISC BIND 9 that can crash or degrade DNS services via specially crafted packets. These flaws are not remote code execution but can cause significant outages in Windows-heavy environments where DNS is critical for authentication, patching, and network operations. Topics include CVE-2026-44390, CVE-2026-42959, CVE-2026-5946, and CVE-2026-3039, with emphasis on patching and availability risks for Windows administrators managing recursive or authoritative DNS infrastructure.
CVE-2026-44390 is a newly published denial-of-service vulnerability in NLnet Labs Unbound, disclosed in May 2026 and mirrored by Microsoft’s Security Update Guide, where specially crafted DNS responses can force excessive name-compression work and degrade resolver availability rather than fully...
CVE-2026-42959 is a denial-of-service vulnerability disclosed in May 2026 in NLnet Labs Unbound, where malicious upstream DNSSEC validation content can crash the resolver and interrupt DNS service for clients that depend on it. The practical story is not remote code execution or data theft; it...
CVE-2026-5946 is a high-severity denial-of-service vulnerability disclosed on May 20, 2026, in ISC BIND 9’s named DNS server, where specially crafted non-Internet-class DNS messages can trigger assertion failures and crash affected authoritative or recursive DNS services. The bug is not...
CVE-2026-3039 is a high-severity remote denial-of-service flaw disclosed on May 20, 2026, in ISC BIND 9, where servers using GSS-API TKEY authentication can leak memory while processing maliciously crafted negotiation packets, eventually exhausting named and breaking DNS service. The bug is not...