NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
References
| Link | Resource |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt | Patch Vendor Advisory |
Configurations
History
26 Jun 2026, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:* | |
| References | () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt - Patch, Vendor Advisory | |
| First Time |
Nlnetlabs
Nlnetlabs nsd |
25 Jun 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 07:16
Updated : 2026-06-26 02:07
NVD link : CVE-2026-12245
Mitre link : CVE-2026-12245
CVE.ORG link : CVE-2026-12245
JSON object : View
Products Affected
nlnetlabs
- nsd
CWE
CWE-416
Use After Free
