Lucene search
K

22 matches found

redos
redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0032

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.5CVSS5.9AI score0.00813EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/06/12 2:17 p.m.63 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS5.2AI score0.00224EPSS
Exploits0References3
cve
cve
added 2026/06/12 2:17 p.m.276 views

CVE-2026-45674

CVE-2026-45674 affects Netty DNS resolution: the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Affected versions are 4.1.135.Final and 4.2.15.Final; the issue is patched in those same versions. Potential impact is DNS cache poisoning via missing bai...

10CVSS5.2AI score0.00224EPSS
Exploits0References11Affected Software1
osv
osv
added 2026/06/08 11:2 p.m.14 views

GHSA-676X-F7GG-47VC Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...

8.7CVSS5.5AI score0.00224EPSS
Exploits0References12
bdu_fstec
bdu_fstec
added 2026/06/08 12:0 a.m.3 views

The vulnerability of the LookupCNAME() function in the Go programming language allows a perpetrator to trigger a service failure.

The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...

7.8CVSS5.8AI score0.00813EPSS
Exploits0References6Affected Software2
euvd
euvd
added 2026/04/07 3:17 p.m.2 views

EUVD-2026-19685

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

8.8CVSS6.2AI score0.00686EPSS
Exploits1References1
cvelist
cvelist
added 2026/04/07 3:17 p.m.20 views

CVE-2026-35518 Pi-hole FTL affected by Remote Code Execution (RCE) via dns.cnameRecords Newline Injection

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...

8.8CVSS0.00686EPSS
Exploits1References1
nessus
nessus
added 2026/01/21 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Avahi vulnerabilities (USN-7967-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7967-1 advisory. It was discovered that Avahi incorrectly terminated when processing browser records...

6.5CVSS5.8AI score0.00353EPSS
Exploits1References4
susecve
susecve
added 2026/01/13 12:25 a.m.5 views

SUSE CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References11
snyk
snyk
added 2026/01/12 6:43 p.m.4 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookupmulticastcallback function. An attacker can cause a crash by sending unsolicited announcements containing CNAME resource records that point to resource records with short TTLs, which, upon expiration,...

7.1CVSS6.3AI score0.00331EPSS
Exploits0References2
snyk
snyk
added 2026/01/12 6:41 p.m.1 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookupstart process. An attacker can cause a crash of the daemon by sending two unsolicited announcements containing CNAME resource records two seconds apart. Remediation A fix was pushed into the master branc...

7.1CVSS6.3AI score0.00353EPSS
Exploits1References2
nvd
nvd
added 2026/01/12 6:15 p.m.8 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS0.00331EPSS
Exploits0References3
nvd
nvd
added 2026/01/12 6:15 p.m.10 views

CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS0.00353EPSS
Exploits1References3
osv
osv
added 2026/01/12 6:15 p.m.6 views

ALPINE-CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS5.4AI score0.00353EPSS
Exploits1References1
osv
osv
added 2026/01/12 6:15 p.m.10 views

AZL-74274 CVE-2025-68468 affecting package avahi for versions less than 0.8-5

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/01/12 6:15 p.m.5 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS5.9AI score0.00331EPSS
Exploits0References5
cve
cve
added 2026/01/12 5:39 p.m.109 views

CVE-2025-68471

CVE-2025-68471 affects Avahi (0.9-rc2 and earlier) and is triggered by processing two unsolicited announcements with CNAME records, leading to a crash/DoS via a reachable assertion in lookup_start. Connected advisories indicate fixes in avahi packages (e.g., openSUSE/SUSE advisories;Mariner notes...

6.5CVSS6.2AI score0.00353EPSS
Exploits1References3Affected Software1
euvd
euvd
added 2026/01/12 5:38 p.m.5 views

EUVD-2025-206279

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS6.1AI score0.00331EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/01/12 12:0 a.m.8 views

PT-2026-2282

Name of the Vulnerable Software and Affected Versions Avahi versions prior to 0.9-rc2 Description Avahi, a system for local network service discovery using the mDNS/DNS-SD protocol suite, is susceptible to a crash issue. Sending unsolicited announcements containing CNAME resource records that poi...

6.5CVSS6.3AI score0.00353EPSS
Exploits1References36
osv
osv
added 2018/11/27 12:35 p.m.10 views

USN-3827-1 samba vulnerabilities

Florian Stuelpner discovered that Samba incorrectly handled CNAME records. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service. CVE-2018-14629 Alex MacCuish discovered that Samba incorrectly handled memory when configured to accept smart-card...

6.5CVSS6.8AI score0.05192EPSS
Exploits1References4
Rows per page
Query Builder