async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

hickory-server (>=0.24.0 <=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-recursor (>=0.24.4 <=0.25.0-alpha.1)

hickory-recursor CARGO version =0.24.4, =0.24.0, =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-83HF-93M4-RGWQ...

GHSA-83HF-93M4-RGWQ Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation

Summary The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

UBUNTU-CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

CVE-2026-42254

The CVE affects Hickory DNS hickory-recursor versions 0.1 through 0.25.2. The root cause is cross-zone poisoning caused by cached data not being directly associated with the query that triggered the response, enabling manipulation of cached responses. Impact is limited to information integrity in...

EUVD-2026-25687

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

CVE-2026-42254

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

PT-2026-35193

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response...

Linux Distros Unpatched Vulnerability : CVE-2026-42254

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a respons...

hickory-server (>=0.24.0 <=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-recursor (>=0.24.4 <=0.25.0-alpha.1)

hickory-recursor CARGO version =0.24.4, =0.24.0, =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0106...

RUSTSEC-2026-0106 Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation

The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...