async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation

Summary The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation

The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...

RUSTSEC-2025-0013 resolve is unmaintained

resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...

resolve is unmaintained

resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...