CVE-2026-12244

If NSD is configured as a secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a specially crafted SVCB RR whose rdata size is 65512. That size makes a (uint16_t) variable used to allocate the space needed for the RR wrap (because the total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) heap write of up to 65509 bytes.
References
Link | Resource
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt | Patch, Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*

History

26 Jun 2026, 02:07

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*
References | () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt - | () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt - Patch, Vendor Advisory
First Time | | Nlnetlabs; Nlnetlabs nsd
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 8.8

25 Jun 2026, 07:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-06-25 07:16

Updated : 2026-06-26 02:07


NVD link : CVE-2026-12244

Mitre link : CVE-2026-12244

CVE.ORG link : CVE-2026-12244



Products Affected

nlnetlabs

  • nsd
CWE
CWE-122

Heap-based Buffer Overflow

CWE-190

Integer Overflow or Wraparound