The BIND 9 Software Vulnerability Matrix details known security vulnerabilities in supported versions of BIND. Vulnerabilities are identified by their CVE ID: Common Vulnerabilities and Exposures.
This page was previously called the "BIND 9 Security Vulnerability Matrix".
Using this matrix
Each row with a CVE ID gives the version(s) that fix that problem.
Determining vulnerability
To determine if/how a given version is vulnerable:
- Find the column heading for the corresponding branch (9.X version)
- Read down that column to find the specific 9.X.Y version (or use "Find" in your browser)
To determine if a given CVE applies:
- Read down the "CVE ID" column to find the CVE ID (or use "Find" in your browser)
- If you do not know the CVE ID, consult the complete list of all BIND advisories
Once you find a given table row (CVE ID and/or version):
- The listed version(s) contain fixes for that CVE, and are not vulnerable to that CVE
- A dash (-) indicates no version of that branch (column) is vulnerable
- Any CVEs listed above that version (later in time) apply (vulnerable)
- Any CVEs listed below that version (earlier in time) do not apply (not vulnerable)
For table rows without a CVE:
- A dash (-) indicates that row does not apply to that branch
Supported Preview Edition
- Most CVEs apply equally to both the open source edition and the Supported Preview Edition (-S).
- If a row lists the
-S1suffix, the CVE applies only to the Supported Preview Edition. - If no
-S1suffix is present, the CVE applies to both editions.
Other BIND versions
The major branches on this page will always reflect the currently-supported stable branch(es) of BIND. See ISC's Software Support Policy and Version Numbering.
Older branches of BIND are no longer supported, generally do not receive fixes, and may not even be assessed for vulnerability. For historical reference, please see matrices for obsolete branches.
Development, alpha, beta, or release candidate (RC) versions are not listed here. We recommend that you use only stable branches in any environment for which security is a concern.
The matrix
Each row with a CVE ID gives the version(s) that fix that problem.
| Release Date | CVE ID | 9.18 | 9.20 |
|---|---|---|---|
| 2026-05-20 | CVE-2026-3039 | 9.18.49 | 9.20.23 |
| 2026-05-20 | CVE-2026-3592 | 9.18.49 | 9.20.23 |
| 2026-05-20 | CVE-2026-3593 | - | 9.20.23 |
| 2026-05-20 | CVE-2026-5946 | 9.18.49 | 9.20.23 |
| 2026-05-20 | CVE-2026-5947 | - | 9.20.23 |
| 2026-05-20 | CVE-2026-5950 | 9.18.49 | 9.20.23 |
| 2026-04-01 | No CVEs fixed in this release | 9.18.48 | 9.20.22 |
| 2026-03-25 | CVE-2026-1519 | 9.18.47 | 9.20.21 |
| 2026-03-25 | CVE-2026-3104 | - | 9.20.21 |
| 2026-03-25 | CVE-2026-3119 | - | 9.20.21 |
| 2026-03-25 | CVE-2026-3591 | - | 9.20.21 |
| 2026-02-27 | No CVEs fixed in this release | 9.18.46 | 9.20.20 |
| 2026-02-18 | No CVEs fixed in this release | 9.18.45 | 9.20.19 |
| 2026-01-21 | CVE-2025-13878 | 9.18.44 | 9.20.18 |
| 2025-12-17 | No CVEs fixed in this release | 9.18.43 | 9.20.17 |
| 2025-11-19 | No CVEs fixed in this release | 9.18.42 | 9.20.16 |
| 2025-10-22 | CVE-2025-8677 | 9.18.41 | 9.20.15 |
| 2025-10-22 | CVE-2025-40778 | 9.18.41 | 9.20.15 |
| 2025-10-22 | CVE-2025-40780 | 9.18.41 | 9.20.15 |
| 2025-10-08 | Release Withdrawn | 9.18.40 | 9.20.14 |
| 2025-09-10 | No CVEs fixed in this release | - | 9.20.13 |
| 2025-08-20 | No CVEs fixed in this release | 9.18.39 | 9.20.12 |
| 2025-07-16 | CVE-2025-40776 | 9.18.38-S1 | 9.20.11-S1 |
| 2025-07-16 | CVE-2025-40777 | - | 9.20.11 |
| 2025-06-18 | No CVEs fixed in this release | - | 9.20.10 |
| 2025-05-21 | No CVEs fixed in this release | 9.18.37 | - |
| 2025-05-21 | CVE-2025-40775 | - | 9.20.9 |
| 2025-04-16 | No CVEs fixed in this release | 9.18.36 | 9.20.8 |
| 2025-03-19 | No CVEs fixed in this release | 9.18.35 | 9.20.7 |
| 2025-02-19 | No CVEs fixed in this release | 9.18.34 | 9.20.6 |
| 2025-01-29 | CVE-2024-11187 | 9.18.33 | 9.20.5 |
| 2025-01-29 | CVE-2024-12705 | 9.18.33 | 9.20.5 |
| 2024-12-11 | No CVEs fixed in this release | 9.18.32 | 9.20.4 |
| 2024-10-16 | No CVEs fixed in this release | 9.18.31 | 9.20.3 |
| 2024-09-18 | No CVEs fixed in this release | 9.18.30 | 9.20.2 |
| 2024-08-21 | No CVEs fixed in this release | 9.18.29 | 9.20.1 |
| 2024-07-23 | No CVEs fixed in this release | - | 9.20.0 |
| 2024-07-23 | CVE-2024-0760 | 9.18.28 | - |
| 2024-07-23 | CVE-2024-1737 | 9.18.28 | - |
| 2024-07-23 | CVE-2024-1975 | 9.18.28 | - |
| 2024-07-23 | CVE-2024-4076 | 9.18.28 | - |
| 2024-05-15 | No CVEs fixed in this release | 9.18.27 | - |
| 2024-04-17 | No CVEs fixed in this release | 9.18.26 | - |
| 2024-03-20 | No CVEs fixed in this release | 9.18.25 | - |
| 2024-02-13 | CVE-2023-4408 | 9.18.24 | - |
| 2024-02-13 | CVE-2023-5517 | 9.18.24 | - |
| 2024-02-13 | CVE-2023-5679 | 9.18.24 | - |
| 2024-02-13 | CVE-2023-5680 | 9.18.24-S1 | - |
| 2024-02-13 | CVE-2023-6516 | - | - |
| 2024-02-13 | CVE-2023-50387 | 9.18.24 | - |
| 2024-02-13 | CVE-2023-50868 | 9.18.24 | - |
| 2024-01-15 | Release Withdrawn | 9.18.23 | - |
| 2024-01-15 | Release Withdrawn | 9.18.22 | - |
| 2023-12-20 | No CVEs fixed in this release | 9.18.21 | - |
| 2023-11-15 | No CVEs fixed in this release | 9.18.20 | - |
| 2023-09-20 | CVE-2023-3341 | 9.18.19 | - |
| 2023-09-20 | CVE-2023-4236 | 9.18.19 | - |
| 2023-08-16 | No CVEs fixed in this release | 9.18.18 | - |
| 2023-07-19 | No CVEs fixed in this release | 9.18.17 | - |
| 2023-06-21 | CVE-2023-2828 | 9.18.16 | - |
| 2023-06-21 | CVE-2023-2829 | 9.18.16-S1 | - |
| 2023-06-21 | CVE-2023-2911 | 9.18.16 | - |
| 2023-05-17 | No CVEs fixed in this release | 9.18.15 | - |
| 2023-04-19 | No CVEs fixed in this release | 9.18.14 | - |
| 2023-03-15 | No CVEs fixed in this release | 9.18.13 | - |
| 2023-02-15 | No CVEs fixed in this release | 9.18.12 | - |
| 2023-01-25 | CVE-2022-3094 | 9.18.11 | - |
| 2023-01-25 | CVE-2022-3488 | - | - |
| 2023-01-25 | CVE-2022-3736 | 9.18.11 | - |
| 2023-01-25 | CVE-2022-3924 | 9.18.11 | - |
| 2022-12-21 | No CVEs fixed in this release | 9.18.10 | - |
| 2022-11-16 | No CVEs fixed in this release | 9.18.9 | - |
| 2022-10-19 | No CVEs fixed in this release | 9.18.8 | - |
| 2022-09-21 | CVE-2022-2795 | 9.18.7 | - |
| 2022-09-21 | CVE-2022-2881 | 9.18.7 | - |
| 2022-09-21 | CVE-2022-2906 | 9.18.7 | - |
| 2022-09-21 | CVE-2022-3080 | 9.18.7 | - |
| 2022-09-21 | CVE-2022-38177 | - | - |
| 2022-09-21 | CVE-2022-38178 | 9.18.7 | - |
| 2022-08-17 | No CVEs fixed in this release | 9.18.6 | - |
| 2022-07-20 | No CVEs fixed in this release | 9.18.5 | - |
| 2022-06-15 | No CVEs fixed in this release | 9.18.4 | - |
| 2022-05-18 | CVE-2022-1183 | 9.18.3 | - |
| 2022-04-20 | No CVEs fixed in this release | 9.18.2 | - |
| 2022-03-16 | CVE-2021-25220 | 9.18.1 | - |
| 2022-03-16 | CVE-2022-0396 | 9.18.1 | - |
| 2022-03-16 | CVE-2022-0635 | 9.18.1 | - |
| 2022-03-16 | CVE-2022-0667 | 9.18.1 | - |
| 2022-01-26 | No CVEs fixed in this release | 9.18.0 | - |