136 matches found
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
ROS-20260622-73-0032
The vulnerability of the LookupCNAME function in the Go programming language is related to a memory reclamation error when processing CNAME records. Exploiting this vulnerability can allow an attacker to cause service interruptions...
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
CVE-2026-45674
A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...
CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...
EUVD-2026-36450
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...
CVE-2026-45674
CVE-2026-45674 affects Netty DNS resolution: the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Affected versions are 4.1.135.Final and 4.2.15.Final; the issue is patched in those same versions. Potential impact is DNS cache poisoning via missing bai...
EulerOS 2.0 SP13 : avahi (EulerOS-SA-2026-2278)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any...
EulerOS 2.0 SP13 : avahi (EulerOS-SA-2026-2321)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any...
EulerOS 2.0 SP11 : avahi (EulerOS-SA-2026-2197)
According to the versions of the avahi packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below,...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to missing validation of the origin of CNAME records in DNS responses within the DnsResolveContext function. An attacker can inject unauthorized DNS records by supplying malicious DNS...
GHSA-676X-F7GG-47VC Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records
Summary Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Details In io.netty.resolver.dns.DnsResolveContextbuildAliasMap, the resolver processes the ANSWER section of a DNS response and blindly caches all CNAME records it finds. According to...
EulerOS Virtualization 2.13.0 : avahi (EulerOS-SA-2026-2159)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...
EulerOS Virtualization 2.13.1 : avahi (EulerOS-SA-2026-2120)
According to the versions of the avahi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, ...
CVE-2026-33811
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
BIT-GOLANG-2026-33811 Crash when handling long CNAME response in net
When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...