CVE-2026-12245

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
References
Link Resource
https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*

History

26 Jun 2026, 02:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*
References () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt - () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt - Patch, Vendor Advisory
First Time Nlnetlabs
Nlnetlabs nsd

25 Jun 2026, 07:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 07:16

Updated : 2026-06-26 02:07


NVD link : CVE-2026-12245

Mitre link : CVE-2026-12245

CVE.ORG link : CVE-2026-12245


JSON object : View

Products Affected

nlnetlabs

  • nsd
CWE
CWE-416

Use After Free