Search

Find a vulnerability

Search criteria

    17 vulnerabilities found for nsd by nlnetlabs

    CVE-2026-12490 (GCVE-0-2026-12490)

    Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:41
    VLAI
    Title
    Bypass of client certificate verification with transfer over TLS
    Summary
    When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.10.1 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:40:01.913311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:41:18.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Transfer security restrictions for client certificates can be bypassed completely if the attacker can match the other access control conditions, and the tls-auth-xfr-only option is not explicitly set to yes (which it by default is not)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:41.814Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-17T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Bypass of client certificate verification with transfer over TLS",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12490",
        "datePublished": "2026-06-25T05:24:41.814Z",
        "dateReserved": "2026-06-17T06:44:23.686Z",
        "dateUpdated": "2026-06-25T12:41:18.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12246 (GCVE-0-2026-12246)

    Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
    VLAI
    Title
    Out of bounds stack write with crafted APL RR
    Summary
    NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.14.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks Haruki Oyama from Waseda University zhangph
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:41:56.092027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:42:05.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Haruki Oyama from Waseda University"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zhangph"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Processing of a zone containing a crafted APL can crash NSD when writing the zone to disk. These zones can be provided by a trusted primary"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:29.512Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Haruki Oyama"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch with Qifan Zhang and Haruki Oyama"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "Haruki Oyama verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Issue reported by zhangph"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch with zhangph"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Out of bounds stack write with crafted APL RR",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12246",
        "datePublished": "2026-06-25T05:24:29.512Z",
        "dateReserved": "2026-06-15T06:47:44.761Z",
        "dateUpdated": "2026-06-25T12:42:05.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12245 (GCVE-0-2026-12245)

    Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
    VLAI
    Title
    Denial of DNS over TLS service by any DoT client
    Summary
    NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.13.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:42:22.635356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:42:50.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:18.620Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Denial of DNS over TLS service by any DoT client",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12245",
        "datePublished": "2026-06-25T05:24:18.620Z",
        "dateReserved": "2026-06-15T06:47:18.496Z",
        "dateUpdated": "2026-06-25T12:42:50.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12244 (GCVE-0-2026-12244)

    Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:45
    VLAI
    Title
    Heap overflow and crash with crafted SVCB RR
    Summary
    If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.14.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:45:15.927329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:45:34.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let\u0027s an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size \u003e 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Processing of a zonefile containing a crafted SVCB. These can be provided by a trusted primary"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:08.548Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Heap overflow and crash with crafted SVCB RR",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12244",
        "datePublished": "2026-06-25T05:24:08.548Z",
        "dateReserved": "2026-06-15T06:46:44.866Z",
        "dateUpdated": "2026-06-25T12:45:34.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-5661 (GCVE-0-2013-5661)

    Vulnerability from nvd – Published: 2019-11-05 18:14 – Updated: 2024-08-06 17:15
    VLAI
    Summary
    Cache Poisoning issue exists in DNS Response Rate Limiting.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:15:21.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T18:14:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5661",
        "datePublished": "2019-11-05T18:14:31.000Z",
        "dateReserved": "2013-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:15:21.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6173 (GCVE-0-2016-6173)

    Vulnerability from nvd – Published: 2017-02-09 15:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-07-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:20.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[nsd-users] 20160809 NSD 4.1.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
              },
              {
                "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
              },
              {
                "name": "91678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91678"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
              },
              {
                "name": "[dns-operations] 20160704 DNS activities in Japan",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
              },
              {
                "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-10T10:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[nsd-users] 20160809 NSD 4.1.11",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
            },
            {
              "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
            },
            {
              "name": "91678",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91678"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
            },
            {
              "name": "[dns-operations] 20160704 DNS activities in Japan",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
            },
            {
              "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-6173",
        "datePublished": "2017-02-09T15:00:00.000Z",
        "dateReserved": "2016-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:20.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2978 (GCVE-0-2012-2978)

    Vulnerability from nvd – Published: 2012-07-27 10:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/84097 vdb-entryx_refsource_OSVDB
    http://www.kb.cert.org/vuls/id/624931 third-party-advisoryx_refsource_CERT-VN
    http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt x_refsource_CONFIRM
    http://www.securityfocus.com/bid/54606 vdb-entryx_refsource_BID
    http://secunia.com/advisories/49795 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/49997 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2012/dsa-2515 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2012-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:05.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "84097",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/84097"
              },
              {
                "name": "VU#624931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/624931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
              },
              {
                "name": "54606",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/54606"
              },
              {
                "name": "49795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49795"
              },
              {
                "name": "49997",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49997"
              },
              {
                "name": "DSA-2515",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2515"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-21T17:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "84097",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/84097"
            },
            {
              "name": "VU#624931",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/624931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
            },
            {
              "name": "54606",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/54606"
            },
            {
              "name": "49795",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49795"
            },
            {
              "name": "49997",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49997"
            },
            {
              "name": "DSA-2515",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2515"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2012-2978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "84097",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/84097"
                },
                {
                  "name": "VU#624931",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/624931"
                },
                {
                  "name": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
                },
                {
                  "name": "54606",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/54606"
                },
                {
                  "name": "49795",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49795"
                },
                {
                  "name": "49997",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49997"
                },
                {
                  "name": "DSA-2515",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2515"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2012-2978",
        "datePublished": "2012-07-27T10:00:00.000Z",
        "dateReserved": "2012-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:05.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1755 (GCVE-0-2009-1755)

    Vulnerability from nvd – Published: 2009-05-22 01:00 – Updated: 2024-09-17 03:23
    VLAI
    Summary
    Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:53.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
              },
              {
                "name": "[oss-security] 20090519 CVE id request: nsd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-22T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
            },
            {
              "name": "[oss-security] 20090519 CVE id request: nsd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
                },
                {
                  "name": "[oss-security] 20090519 CVE id request: nsd",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1755",
        "datePublished": "2009-05-22T01:00:00.000Z",
        "dateReserved": "2009-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:23:44.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-12490 (GCVE-0-2026-12490)

    Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:41
    VLAI
    Title
    Bypass of client certificate verification with transfer over TLS
    Summary
    When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-284 - Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.10.1 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12490",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:40:01.913311Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:41:18.144Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.10.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Transfer security restrictions for client certificates can be bypassed completely if the attacker can match the other access control conditions, and the tls-auth-xfr-only option is not explicitly set to yes (which it by default is not)"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306: Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:41.814Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-17T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Bypass of client certificate verification with transfer over TLS",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12490",
        "datePublished": "2026-06-25T05:24:41.814Z",
        "dateReserved": "2026-06-17T06:44:23.686Z",
        "dateUpdated": "2026-06-25T12:41:18.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12246 (GCVE-0-2026-12246)

    Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
    VLAI
    Title
    Out of bounds stack write with crafted APL RR
    Summary
    NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.14.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks Haruki Oyama from Waseda University zhangph
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12246",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:41:56.092027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:42:05.428Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Haruki Oyama from Waseda University"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "zhangph"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Processing of a zone containing a crafted APL can crash NSD when writing the zone to disk. These zones can be provided by a trusted primary"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120: Buffer Copy without Checking Size of Input",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:29.512Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Haruki Oyama"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch with Qifan Zhang and Haruki Oyama"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "Haruki Oyama verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-16T00:00:00.000Z",
              "value": "Issue reported by zhangph"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch with zhangph"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Out of bounds stack write with crafted APL RR",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12246",
        "datePublished": "2026-06-25T05:24:29.512Z",
        "dateReserved": "2026-06-15T06:47:44.761Z",
        "dateUpdated": "2026-06-25T12:42:05.428Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12245 (GCVE-0-2026-12245)

    Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
    VLAI
    Title
    Denial of DNS over TLS service by any DoT client
    Summary
    NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.13.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12245",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:42:22.635356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:42:50.104Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.13.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:18.620Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Denial of DNS over TLS service by any DoT client",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12245",
        "datePublished": "2026-06-25T05:24:18.620Z",
        "dateReserved": "2026-06-15T06:47:18.496Z",
        "dateUpdated": "2026-06-25T12:42:50.104Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12244 (GCVE-0-2026-12244)

    Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:45
    VLAI
    Title
    Heap overflow and crash with crafted SVCB RR
    Summary
    If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    NLnet Labs NSD Affected: 4.14.0 , < 4.14.3 (semver)
    Create a notification for this product.
    Date Public
    2026-06-25 00:00
    Credits
    Qifan Zhang from Palo Alto Networks
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-12244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T12:45:15.927329Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T12:45:34.403Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NSD",
              "vendor": "NLnet Labs",
              "versions": [
                {
                  "lessThan": "4.14.3",
                  "status": "affected",
                  "version": "4.14.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Qifan Zhang from Palo Alto Networks"
            }
          ],
          "datePublic": "2026-06-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let\u0027s an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size \u003e 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "Processing of a zonefile containing a crafted SVCB. These can be provided by a trusted primary"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190: Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                },
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T05:24:08.548Z",
            "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
            "shortName": "NLnet Labs"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "This issue is fixed starting with version 4.14.3."
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-28T00:00:00.000Z",
              "value": "Issue reported by Qifan Zhang"
            },
            {
              "lang": "en",
              "time": "2026-06-12T00:00:00.000Z",
              "value": "NLnet Labs shares patch"
            },
            {
              "lang": "en",
              "time": "2026-06-15T00:00:00.000Z",
              "value": "Qifan Zhang verifies patch"
            },
            {
              "lang": "en",
              "time": "2026-06-25T00:00:00.000Z",
              "value": "Fix released with version 4.14.3"
            }
          ],
          "title": "Heap overflow and crash with crafted SVCB RR",
          "x_generator": {
            "engine": "cvelib 1.8.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
        "assignerShortName": "NLnet Labs",
        "cveId": "CVE-2026-12244",
        "datePublished": "2026-06-25T05:24:08.548Z",
        "dateReserved": "2026-06-15T06:46:44.866Z",
        "dateUpdated": "2026-06-25T12:45:34.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2013-5661 (GCVE-0-2013-5661)

    Vulnerability from cvelistv5 – Published: 2019-11-05 18:14 – Updated: 2024-08-06 17:15
    VLAI
    Summary
    Cache Poisoning issue exists in DNS Response Rate Limiting.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2013-12-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:15:21.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-12-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-05T18:14:31.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5661",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
                },
                {
                  "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
                },
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2013-5661",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5661",
        "datePublished": "2019-11-05T18:14:31.000Z",
        "dateReserved": "2013-08-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:15:21.552Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6173 (GCVE-0-2016-6173)

    Vulnerability from cvelistv5 – Published: 2017-02-09 15:00 – Updated: 2024-08-06 01:22
    VLAI
    Summary
    NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-07-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:22:20.777Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[nsd-users] 20160809 NSD 4.1.11",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
              },
              {
                "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
              },
              {
                "name": "91678",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91678"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
              },
              {
                "name": "[dns-operations] 20160704 DNS activities in Japan",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
              },
              {
                "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-07-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-02-10T10:57:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "[nsd-users] 20160809 NSD 4.1.11",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
            },
            {
              "name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
            },
            {
              "name": "91678",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91678"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
            },
            {
              "name": "[dns-operations] 20160704 DNS activities in Japan",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
            },
            {
              "name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-6173",
        "datePublished": "2017-02-09T15:00:00.000Z",
        "dateReserved": "2016-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:22:20.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-2978 (GCVE-0-2012-2978)

    Vulnerability from cvelistv5 – Published: 2012-07-27 10:00 – Updated: 2024-08-06 19:50
    VLAI
    Summary
    query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://osvdb.org/84097 vdb-entryx_refsource_OSVDB
    http://www.kb.cert.org/vuls/id/624931 third-party-advisoryx_refsource_CERT-VN
    http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt x_refsource_CONFIRM
    http://www.securityfocus.com/bid/54606 vdb-entryx_refsource_BID
    http://secunia.com/advisories/49795 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/49997 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2012/dsa-2515 vendor-advisoryx_refsource_DEBIAN
    Date Public
    2012-07-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T19:50:05.440Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "84097",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/84097"
              },
              {
                "name": "VU#624931",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/624931"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
              },
              {
                "name": "54606",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/54606"
              },
              {
                "name": "49795",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49795"
              },
              {
                "name": "49997",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49997"
              },
              {
                "name": "DSA-2515",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2515"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-21T17:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "84097",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/84097"
            },
            {
              "name": "VU#624931",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/624931"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
            },
            {
              "name": "54606",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/54606"
            },
            {
              "name": "49795",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49795"
            },
            {
              "name": "49997",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49997"
            },
            {
              "name": "DSA-2515",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2515"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2012-2978",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "84097",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/84097"
                },
                {
                  "name": "VU#624931",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/624931"
                },
                {
                  "name": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
                },
                {
                  "name": "54606",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/54606"
                },
                {
                  "name": "49795",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49795"
                },
                {
                  "name": "49997",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49997"
                },
                {
                  "name": "DSA-2515",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2515"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2012-2978",
        "datePublished": "2012-07-27T10:00:00.000Z",
        "dateReserved": "2012-05-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T19:50:05.440Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1755 (GCVE-0-2009-1755)

    Vulnerability from cvelistv5 – Published: 2009-05-22 01:00 – Updated: 2024-09-17 03:23
    VLAI
    Summary
    Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:53.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
              },
              {
                "name": "[oss-security] 20090519 CVE id request: nsd",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-22T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
            },
            {
              "name": "[oss-security] 20090519 CVE id request: nsd",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1755",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
                },
                {
                  "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418",
                  "refsource": "CONFIRM",
                  "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
                },
                {
                  "name": "[oss-security] 20090519 CVE id request: nsd",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1755",
        "datePublished": "2009-05-22T01:00:00.000Z",
        "dateReserved": "2009-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:23:44.786Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201702-0037

    Vulnerability from variot - Updated: 2025-04-20 19:35

    NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0037",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nsd",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "nlnetlabs",
            "version": "4.1.10"
          },
          {
            "model": "nsd",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "stichting nlnet",
            "version": "4.1.11"
          },
          {
            "model": "nsd",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "nlnetlabs",
            "version": "4.1.10"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "3.4.7"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "3.4.6"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "3.4.5"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "3.4.4"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "3.4"
          },
          {
            "model": "nsd",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "nsd",
            "version": "0"
          },
          {
            "model": "dns knot dns",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "knot",
            "version": "0"
          },
          {
            "model": "authoritative server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.0"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "91678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:nlnet_labs:nsd",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "91678"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-6173",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2016-6173",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2016-6173",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-6173",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-6173",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201607-081",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "BID",
            "id": "91678"
          }
        ],
        "trust": 1.89
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-6173",
            "trust": 2.7
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2016/07/06/3",
            "trust": 1.6
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2016/07/06/4",
            "trust": 1.6
          },
          {
            "db": "BID",
            "id": "91678",
            "trust": 1.3
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "91678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "id": "VAR-201702-0037",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.18333334
      },
      "last_update_date": "2025-04-20T19:35:47.935000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Bug 790",
            "trust": 0.8,
            "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
          },
          {
            "title": "NSD RELEASE NOTES",
            "trust": 0.8,
            "url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
          },
          {
            "title": "[nsd-users] NSD 4.1.11",
            "trust": 0.8,
            "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
          },
          {
            "title": "NSD Remediation measures for denial of service vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62673"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-399",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.9,
            "url": "https://github.com/sischkg/xfer-limit/blob/master/readme.md"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
          },
          {
            "trust": 1.6,
            "url": "http://www.nlnetlabs.nl/svn/nsd/tags/nsd_4_1_11_rel/doc/relnotes"
          },
          {
            "trust": 1.6,
            "url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
          },
          {
            "trust": 1.6,
            "url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
          },
          {
            "trust": 1.6,
            "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015058.html"
          },
          {
            "trust": 1.6,
            "url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-august/002342.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.securityfocus.com/bid/91678"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6173"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6173"
          },
          {
            "trust": 0.3,
            "url": "https://github.com/powerdns/pdns/pull/4133"
          },
          {
            "trust": 0.3,
            "url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015073.html"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "91678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "91678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-07T00:00:00",
            "db": "BID",
            "id": "91678"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "date": "2016-07-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "date": "2017-02-09T15:59:01.237000",
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-07-07T00:00:00",
            "db": "BID",
            "id": "91678"
          },
          {
            "date": "2017-03-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2016-6173"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NSD Service disruption in  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-007717"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201607-081"
          }
        ],
        "trust": 0.6
      }
    }