dnsmasq: Broken ECS source validation bypass

A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2026-41096 - Crash PoC Heap overflow in DnsRawTruncateMe...

SUSE CVE-2016-7069

An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...

DEBIAN-CVE-2016-2848

ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via malformed options data in an OPT resource record...

ISC BIND 8.3.x - OPT Record Large UDP Denial of Service

ISC BIND 8.3.x - OPT Record Large UDP Denial of Service // source: https://www.securityfocus.com/bid/6161/info ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a non-existant sub-domain of a valid domain and an OPT resource record with a large UDP payload is...