7 matches found
CVE-2026-62299 CoreDNS: rewrite-plugin EDNS0 response-revert nil-pointer panic (remote DoS) when a downstream plugin returns a response with no OPT record
CoreDNS is a DNS server written in Go. Prior to 1.14.5, the CoreDNS rewrite plugin supports edns0 rewrite rules with an optional revert flag, and two response rules, edns0SetResponseRule and edns0ReplaceResponseRuleT in plugin/rewrite/edns0.go, call res.IsEdns0 and immediately dereference the...
CVE-2026-42004
An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...
dnsmasq: Broken ECS source validation bypass
A validation bypass was discovered in dnsmasq's RFC 7871 client subnet ECS handling. When verifying ECS source information in DNS responses, dnsmasq passes the OPT record length instead of the full packet length to the validation function.This causes all internal bounds checks to fail, completely...
Exploit for Heap-based Buffer Overflow in Microsoft
CVE-2026-41096 - Crash PoC Heap overflow in DnsRawTruncateMe...
SUSE CVE-2016-7069
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to th...
DEBIAN-CVE-2016-2848
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service assertion failure and daemon exit via malformed options data in an OPT resource record...
ISC BIND 8.3.x - OPT Record Large UDP Denial of Service
ISC BIND 8.3.x - OPT Record Large UDP Denial of Service // source: https://www.securityfocus.com/bid/6161/info ISC BIND is vulnerable to a denial of service attack. When a DNS lookup is requested on a non-existant sub-domain of a valid domain and an OPT resource record with a large UDP payload is...