382 matches found
io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records
A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...
OESA-2026-2966 dnsmasq security update
Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...
[SECURITY] Fedora 43 Update: nsd-4.14.3-1.fc43
NSD is a complete implementation of an authoritative DNS name server. For further information about what NSD is and what NSD is not please consult the REQUIREMENTS document which is a part of this distribution...
MAL-2026-6782 Malicious code in @marketfront/header (npm)
The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
CVE-2026-12244
A flaw was found in nsd. When nsd is configured as a secondary server for a zone, a remote attacker, acting as the primary server for that zone, can send a specially crafted DNS message within an AXFR Asynchronous Full Zone Transfer request. This message, containing a malformed SVCB Service Bindi...
CVE-2026-12246
A flaw was found in NSD. A remote attacker, operating as a configured primary DNS server in a multi-tenant secondary DNS deployment, could exploit a bug involving specially crafted Address Prefix List APL resource records. By providing an APL record with an adflength larger than permitted, the...
CVE-2026-12245
A flaw was found in NSD. When NSD is configured with DNS over TLS DoT, a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker...
Linux Distros Unpatched Vulnerability : CVE-2026-12246
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack wh...
EUVD-2026-39184
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
EUVD-2026-39182
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...
ALPINE-CVE-2026-12245
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12246
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
ALPINE-CVE-2026-12246
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
CVE-2026-12244
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...
CVE-2026-12244
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...
CVE-2026-12246
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
CVE-2026-12246 Out of bounds stack write with crafted APL RR
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...
CVE-2026-12245
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12245 Denial of DNS over TLS service by any DoT client
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...
CVE-2026-12244
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an uint16t variable that is used to allocate space needed for the RR wrap because total size 65535,...