NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
References
| Link | Resource |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt | Patch Vendor Advisory |
Configurations
History
26 Jun 2026, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Nlnetlabs
Nlnetlabs nsd |
|
| CPE | cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
| References | () https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt - Patch, Vendor Advisory |
25 Jun 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 07:16
Updated : 2026-06-26 02:07
NVD link : CVE-2026-12246
Mitre link : CVE-2026-12246
CVE.ORG link : CVE-2026-12246
JSON object : View
Products Affected
nlnetlabs
- nsd
