84 matches found
CVE-2026-12245
A flaw was found in NSD. When NSD is configured with DNS over TLS DoT, a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-12245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered...
EUVD-2026-39183
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
ALPINE-CVE-2026-12245
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12245 Denial of DNS over TLS service by any DoT client
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12245
NSD version 4.13.0 and later contains a heap use-after-free in logging errors on TLS connections, which can crash the server process. The issue is triggerable by sending a DNS query over DoT and then closing the connection without reading the response, indicating a network-based impact with poten...
PT-2026-52210
Name of the Vulnerable Software and Affected Versions NSD version 4.13.0 Description A heap use-after-free bug exists when logging errors on TLS connections. This issue can be triggered by sending a DNS query over a DNS over TLS DoT connection and closing the connection before reading the respons...
CVE-2026-33190
CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...
CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...
GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...
CVE-2026-33596
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...
CVE-2026-33596 TCP backend stream ID overflow
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...
EUVD-2022-24523
Malicious code in bioql PyPI...
EUVD-2023-54109
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-4236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal da...
NewStart CGSL MAIN 7.02 : bind Multiple Vulnerabilities (NS-SA-2025-0108)
The remote NewStart CGSL host, running version MAIN 7.02, has bind packages installed that are affected by multiple vulnerabilities: - If a server hosts a zone containing a KEY Resource Record, or a resolver DNSSEC-validates a KEY Resource Record from a DNSSEC-signed domain in cache, a client can...
Quantum-Resistant Domain Name System: a Comprehensive System-Level Study
The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...
OESA-2024-2233 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...
Advisory ROSA-SA-2024-2459
Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...
ROS-20240611-12
Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...