Lucene search
K

4 matches found

SUSE Linux
SUSE Linux
added 2026/04/24 2:25 p.m.8 views

Security update for dnsdist

This update for dnsdist fixes the following issues: Update to version 1.9.12. https://www.dnsdist.org/changelog.htmlchange-1.9.12 Security issues fixed: CVE-2026-0396: crafted DNS queries triggering domain-based dynamic rules can lead to HTML injection in the web dashboard bsc1261236...

8.2CVSS5.5AI score0.01028EPSS
Exploits0References28
NVD
NVD
added 2026/03/31 12:16 p.m.5 views

CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

8.2CVSS0.01028EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 12:6 p.m.1 views

CVE-2026-27854 Use after free when parsing EDNS options in Lua

An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a...

4.8CVSS5.9AI score0.00471EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/03/31 11:57 a.m.4 views

CVE-2026-24028

An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential...

8.2CVSS5.8AI score0.01028EPSS
Exploits0
Rows per page
Query Builder