Lucene search
+L

424 matches found

CVE
CVE
added 2026/07/10 10:38 a.m.13 views

CVE-2026-14461

The CVE-2026-14461 entry affects mtr up to version 0.96, where ipinfo_lookup() performs DNS AS lookups and can be triggered by a TXT response larger than 512 bytes with a crafted compression pointer, causing an out-of-bounds read. The function uses the response length as the end-of-message bounda...

5.1CVSS6.1AI score0.00303EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.8 views

netty-resolver-dns: Netty: Information disclosure and data manipulation due to improper CNAME record validation

A flaw was found in Netty's DnsResolveContext. This vulnerability allows a remote attacker to achieve information disclosure or data manipulation by crafting malicious DNS responses. The flaw occurs because the DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS...

10CVSS5.9AI score0.00224EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

RockyLinux 10 : glibc (RLSA-2026:19061)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19061 advisory. glibc: glibc: Incorrect DNS response parsing via crafted DNS server response CVE-2026-4437 glibc: glibc: Invalid DNS hostname returned via gethostbyadd...

7.5CVSS5.1AI score0.00325EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/05/19 2:41 p.m.11 views

glibc: glibc: Incorrect DNS response parsing via crafted DNS server response

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

7.5CVSS5.8AI score0.00325EPSS
Exploits1References5
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.23 views

www/nginx -- Remote Code Execution/DoS

nginx development team reports: When using the "proxysetbody" directive, an attacker might inject data in the proxied request to an HTTP/2 backend A heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngxhttprewritemodule, potentially resultin...

9.2CVSS6.1AI score0.61469EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2026/05/12 5:4 p.m.11 views

CVE-2026-5172

A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNS response processing. The extractaddresses function trusts the declared record data length rdlen without verifying that a subsequent call to extractname stays within the record boundary. A crafted DNS response with a mismatche...

7.5CVSS5.8AI score0.02683EPSS
Exploits1References4
OSV
OSV
added 2026/05/11 6:16 p.m.14 views

ALPINE-CVE-2026-5172

A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...

7.3CVSS6AI score0.02683EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/11 4:48 p.m.21 views

CVE-2026-5172

A buffer overflow in dnsmasq’s extractaddresses function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname to advance the pointer past the record’s end...

7.5CVSS6AI score0.02683EPSS
Exploits1
OSV
OSV
added 2026/05/05 1:57 a.m.23 views

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...

8.8CVSS7AI score0.9523EPSS
Exploits21References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 4:43 p.m.5 views

CVE-2026-6238

The deprecated functions nsprintrrf, nsprintrr and fpnquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response,...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/28 4:43 p.m.33 views

CVE-2026-6238

GLIBC: The deprecated debugging functions ns_printrrf, ns_printrr and fp_nquery in GNU C Library (glibc) 2.2 and newer fail to validate RDATA against its length for DNS LOC, CERT, TKEY or TSIG records. This may let an attacker craft a DNS response that crashes a target application or reads uninit...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

GNU C Library 安全漏洞

The GNU C Library is an open-source, free C-language compiler program published by the GNU community under the LGPL license. Versions of the GNU C Library 2.2 and later contain security vulnerabilities. These vulnerabilities arise when functions such as nsprintrrf, nsprintrr, and fpnquery handle...

6.5CVSS5.8AI score0.00358EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2026:1369-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1369-1 advisory. - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response bsc1260078. -...

7.5CVSS5.2AI score0.00325EPSS
Exploits2References7
OSV
OSV
added 2026/04/15 2:42 p.m.6 views

SUSE-SU-2026:1369-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response bsc1260078. - CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions bsc1260082...

7.5CVSS5.8AI score0.00325EPSS
Exploits2References5
Debian CVE
Debian CVE
added 2026/03/31 11:57 a.m.8 views

CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

8.2CVSS5.3AI score0.01028EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/03/25 12:0 a.m.10 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

8.8CVSS6.3AI score0.07237EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2026/03/23 7:3 a.m.6 views

CVE-2026-4437

A flaw was found in glibc the GNU C Library. When an application uses the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, a remote attacker can send a specially crafted DNS Domain Name System response. This crafted response can caus...

7.5CVSS5.6AI score0.00325EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 7:59 p.m.35 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddrr with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

0.00325EPSS
Exploits1References1
OSV
OSV
added 2026/02/19 5:28 p.m.7 views

GO-2026-4399 DoS in cert-manager-controller via Specially Crafted DNS Response in github.com/cert-manager/cert-manager

DoS in cert-manager-controller via Specially Crafted DNS Response in github.com/cert-manager/cert-manager...

5.9CVSS5.3AI score0.00349EPSS
Exploits0References7
OSV
OSV
added 2026/02/04 9:18 p.m.6 views

CVE-2026-25518 cert-manager-controller DoS via Specially Crafted DNS Response

cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to before 1.18.5 and from 1.19.0 to before 1.19.3, the cert-manager-controller performs DNS...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References9
Rows per page
Query Builder