If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes
References
| Link | Resource |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt | Patch Vendor Advisory |
Configurations
History
26 Jun 2026, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:* | |
| References | () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt - Patch, Vendor Advisory | |
| First Time |
Nlnetlabs
Nlnetlabs nsd |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
25 Jun 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 07:16
Updated : 2026-06-26 02:07
NVD link : CVE-2026-12244
Mitre link : CVE-2026-12244
CVE.ORG link : CVE-2026-12244
JSON object : View
Products Affected
nlnetlabs
- nsd
