440 matches found
zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion
Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...
PT-2026-45026
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.6 Description An unauthenticated host on the local link can send multicast mDNS responses with unique names to the DNSCache. async add function, causing records to accumulate in cache, expirations, expire heap,...
PT-2026-45024
Name of the Vulnerable Software and Affected Versions zeroconf versions prior to 0.149.5 Description An unauthenticated host on the local link can degrade the mDNS listener by sending a specially crafted mDNS packet. The DNSIncoming. decode labels at offset function recurses for each DNS-name...
glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions
A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...
CVE-2026-3039
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
Astra Linux – Vulnerability in glibc
The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...
Astra Linux – Vulnerability in glibc
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...
Astra Linux – Vulnerability in glibc
Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in the leakage of stack contents to the...
Astra Linux – Vulnerability in glibc
NSCD: Stack-based buffer overflow in netgroup cache If the fixed-size cache of the Name Service Cache Daemon nscd is exhausted due to client requests, then a subsequent client request for netgroup data may lead to a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cach...
glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions
A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...
KB5087420: Windows 11 version 23H2 Security Update (May 2026)
The remote Windows host is missing security update 5087420. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Use after free in Windows Hyper-V allows an...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from the extractname function being exploitable, leading to a heap buffer overflow. This allows attackers to inject fake DNS cache entries, potentially redirecting DNS queries to...
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from a buffer overflow in the extractaddresses function. This vulnerability allows attackers to trigger heap-based out-of-bounds reads by exploiting malformed DNS responses, causing a...
PT-2026-38348
🟠 Hickory-DNS, CPU exhaustion due to On² name compression, CVE-2024-53618 Moderate https://t.co/cx7x7R6VZX...
Inefficient Algorithmic Complexity
Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...
OESA-2026-2171 sssd security update
Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...
OESA-2026-2170 sssd security update
Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...
CVE-2026-35368
A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...
D-Link DIR-825 缓冲区错误漏洞
The D-Link DIR-825 is a router produced by D-Link Corporation. The D-Link DIR-825 3.00b32 version has a buffer error vulnerability. This vulnerability stems from the operations of the NMBDprocess function in the sserver.c file of the nmbd component, which may lead to a buffer overflow...
[SECURITY] Fedora 44 Update: kea-3.0.3-1.fc44
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...