CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

CVE-2026-10846 Insufficient verification that responses belong to a query

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

UBUNTU-CVE-2026-10846

NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as stub resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of t...

CVE-2026-33596 TCP backend stream ID overflow

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

Malicious code in query_response-active_record (npm)

The package queryresponse-activerecord was found to contain malicious code...

Permissioned LLMs: Enforcing Access Control in Large Language Models

In enterprise settings, organizational data is segregated, siloed and carefully protected by elaborate access control frameworks. These access control structures can completely break down if an LLM fine-tuned on the siloed data serves requests, for downstream tasks, from individuals with disparat...

Design/Logic Flaw

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

CVE-2022-3488

Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such a...

ISC BIND 9.11.4-S1 < 9.16.37-S1 / 9.16.8-S1 < 9.16.37-S1 Assertion Failure (cve-2022-3488)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2022-3488 advisory. - Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is...

CVE-2020-25109

An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses set in a DNS header is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution...

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2017-1078)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

ISC BIND 9 DNS64 and RPZ Assertion Failure Denial of Service Vulnerability

ISC BIND is the United States Internet Systems Consortium ISC company maintains a set of open source software that implements the DNS protocol. ISC BIND 9 suffers from a DNS64 and RPZ Assertion Failure Denial of Service vulnerability. An attacker can exploit the vulnerability by rewriting the que...

bind: assertion failure while handling a query response containing inconsistent DNSSEC information

A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response...

FreeBSD : BIND -- multiple vulnerabilities (d4c7e9a9-d893-11e6-9b4d-d050996490d0)

ISC reports : A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache. Depending on the type of query and the EDNS options in the query they receive...

mDNS Query Response

Binary data 8248.prm...

CVE-2012-1192

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

CVE-2012-1033

The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack...

WordPress User IDs and User Names Disclosure

WordPress platforms use a parameter called author SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress";...

ISC BIND 9 DNSSEC Query Response Remote Cache Poisoning

Binary data 5243.prm...