From: Michał Kępień <michal@isc.org>
Date: Fri, 13 Mar 2026 12:35:24 +0000 (+0100)
Subject: [CVE-2026-3104] sec: usr: Fix memory leaks in code preparing DNSSEC proofs of non... 
X-Git-Tag: v9.21.20~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e29b24dcd0b5021a80fa3ad9508145760109cc2;p=thirdparty%2Fbind9.git

[CVE-2026-3104] sec: usr: Fix memory leaks in code preparing DNSSEC proofs of non-existence

An attacker controlling a DNSSEC-signed zone could trigger a memory leak
in the logic preparing DNSSEC proofs of non-existence, by creating more
than :any:`max-records-per-type` RRSIGs for NSEC records. These memory
leaks have been fixed.

ISC would like to thank Vitaly Simonovich for bringing this
vulnerability to our attention.

Closes isc-projects/bind9#5742

Merge branch '5742-fix-memory-leak-in-addnoqname-and-addclosest' into 'v9.21.20-release'

See merge request isc-private/bind9!913
---

5e29b24dcd0b5021a80fa3ad9508145760109cc2