UBUNTU-CVE-2026-33261

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service...

CVE-2026-33261 Null pointer accces in aggressive NSEC(3) cache

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service...

CVE-2026-33261

CVE-2026-33261 describes a denial of service triggered by a zone transition from NSEC to NSEC3, linked to a null pointer access in the aggressive NSEC(3) cache. The description from CVE records (Vuln NLP) indicates internal inconsistency during the NSEC/NSEC3 transition can lead to DoS. The conne...

PT-2026-34325

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service...

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

CLSA-2024-1709547568 bind: Fix of 2 CVEs

CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...

Malformed NSEC records can cause named to terminate unexpectedly when synth-from-dnssec is enabled

...

DEBIAN-CVE-2021-40083

Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case NSEC3 with too many iterations used for a positive wildcard proof...