NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-617 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Thu, 25 Jun 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Nlnetlabs
Nlnetlabs nsd |
|
| Vendors & Products |
Nlnetlabs
Nlnetlabs nsd |
|
| Metrics |
ssvc
|
Thu, 25 Jun 2026 06:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response. | |
| Title | Denial of DNS over TLS service by any DoT client | |
| Weaknesses | CWE-416 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: NLnet Labs
Published: 2026-06-25T05:24:18.620Z
Updated: 2026-06-25T12:42:50.104Z
Reserved: 2026-06-15T06:47:18.496Z
Link: CVE-2026-12245
Updated: 2026-06-25T12:42:36.299Z
No data.