84 matches found
CVE-2026-12245
A flaw was found in NSD. When NSD is configured with DNS over TLS DoT, a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-12245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered...
EUVD-2026-39183
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
ALPINE-CVE-2026-12245
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12245 Denial of DNS over TLS service by any DoT client
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12245
NSD version 4.13.0 and later contains a heap use-after-free in logging errors on TLS connections, which can crash the server process. The issue is triggerable by sending a DNS query over DoT and then closing the connection without reading the response, indicating a network-based impact with poten...
PT-2026-52210
Name of the Vulnerable Software and Affected Versions NSD version 4.13.0 Description A heap use-after-free bug exists when logging errors on TLS connections. This issue can be triggered by sending a DNS query over a DNS over TLS DoT connection and closing the connection before reading the respons...
CVE-2026-33190
CoreDNS TSIG authentication bypass vulnerability (CVE-2026-33190) affects versions prior to 1.14.3 on non-plain-DNS transports. The tsig plugin trusts the transport writer’s TsigStatus() instead of verifying TSIG itself, causing unauthenticated remote access over DoT, DoH, DoH3, DoQ, and gRPC. Do...
GHSA-QHMP-Q7XH-99RH CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...
CoreDNS has TSIG authentication bypass on DoT, DoH, DoH3, DoQ, and gRPC
Summary CoreDNS' tsig plugin can be bypassed on non-plain-DNS transports because it trusts the transport writer's TsigStatus instead of performing verification itself. In the attached PoC, plain DNS/TCP correctly rejects an invalid TSIG NOTAUTH, while the same invalid-TSIG request is accepted ove...
CVE-2026-33596
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...
CVE-2026-33596 TCP backend stream ID overflow
A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...
EUVD-2022-24523
Malicious code in bioql PyPI...
EUVD-2023-54109
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-4236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal da...
NewStart CGSL MAIN 7.02 : bind Multiple Vulnerabilities (NS-SA-2025-0108)
The remote NewStart CGSL host, running version MAIN 7.02, has bind packages installed that are affected by multiple vulnerabilities: - If a server hosts a zone containing a KEY Resource Record, or a resolver DNSSEC-validates a KEY Resource Record from a DNSSEC-signed domain in cache, a client can...
Quantum-Resistant Domain Name System: a Comprehensive System-Level Study
The Domain Name System DNS plays a foundational role in Internet infrastructure, yet its core protocols remain vulnerable to compromise by quantum adversaries. As cryptographically relevant quantum computers become a realistic threat, ensuring DNS confidentiality, authenticity, and integrity in t...
OESA-2024-2233 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...
Advisory ROSA-SA-2024-2459
Software: systemd 239 OS: ROSA Virtualization 2.1 packageevrstring: systemd-239 CVE-ID: CVE-2018-21029 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: systemd accepts any certificate signed by a trusted certificate authority for DNS Over TLS. No server name indication SNI is sent, and there is no...
ROS-20240611-12
Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...