Search
Find a vulnerability
Search criteria
17 vulnerabilities found for nsd by nlnetlabs
CVE-2026-12490 (GCVE-0-2026-12490)
Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:41
VLAI
Title
Bypass of client certificate verification with transfer over TLS
Summary
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.10.1 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:40:01.913311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:41:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.10.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Transfer security restrictions for client certificates can be bypassed completely if the attacker can match the other access control conditions, and the tls-auth-xfr-only option is not explicitly set to yes (which it by default is not)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:41.814Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-16T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-17T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Bypass of client certificate verification with transfer over TLS",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12490",
"datePublished": "2026-06-25T05:24:41.814Z",
"dateReserved": "2026-06-17T06:44:23.686Z",
"dateUpdated": "2026-06-25T12:41:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12246 (GCVE-0-2026-12246)
Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
VLAI
Title
Out of bounds stack write with crafted APL RR
Summary
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.14.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:41:56.092027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:42:05.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Haruki Oyama from Waseda University"
},
{
"lang": "en",
"type": "finder",
"value": "zhangph"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Processing of a zone containing a crafted APL can crash NSD when writing the zone to disk. These zones can be provided by a trusted primary"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:29.512Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Haruki Oyama"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch with Qifan Zhang and Haruki Oyama"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Haruki Oyama verifies patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-16T00:00:00.000Z",
"value": "Issue reported by zhangph"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch with zhangph"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Out of bounds stack write with crafted APL RR",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12246",
"datePublished": "2026-06-25T05:24:29.512Z",
"dateReserved": "2026-06-15T06:47:44.761Z",
"dateUpdated": "2026-06-25T12:42:05.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12245 (GCVE-0-2026-12245)
Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
VLAI
Title
Denial of DNS over TLS service by any DoT client
Summary
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.13.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:42:22.635356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:42:50.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:18.620Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Denial of DNS over TLS service by any DoT client",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12245",
"datePublished": "2026-06-25T05:24:18.620Z",
"dateReserved": "2026-06-15T06:47:18.496Z",
"dateUpdated": "2026-06-25T12:42:50.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12244 (GCVE-0-2026-12244)
Vulnerability from nvd – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:45
VLAI
Title
Heap overflow and crash with crafted SVCB RR
Summary
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.14.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:45:15.927329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:45:34.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let\u0027s an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size \u003e 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes"
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Processing of a zonefile containing a crafted SVCB. These can be provided by a trusted primary"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:08.548Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Heap overflow and crash with crafted SVCB RR",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12244",
"datePublished": "2026-06-25T05:24:08.548Z",
"dateReserved": "2026-06-15T06:46:44.866Z",
"dateUpdated": "2026-06-25T12:45:34.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-5661 (GCVE-0-2013-5661)
Vulnerability from nvd – Published: 2019-11-05 18:14 – Updated: 2024-08-06 17:15
VLAI
Summary
Cache Poisoning issue exists in DNS Response Rate Limiting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
Date Public
2013-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T18:14:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-5661",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5661",
"datePublished": "2019-11-05T18:14:31.000Z",
"dateReserved": "2013-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:15:21.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6173 (GCVE-0-2016-6173)
Vulnerability from nvd – Published: 2017-02-09 15:00 – Updated: 2024-08-06 01:22
VLAI
Summary
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://open.nlnetlabs.nl/pipermail/nsd-users/201… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/07/06/3 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/91678 | vdb-entryx_refsource_BID |
| https://www.nlnetlabs.nl/bugs-script/show_bug.cgi… | x_refsource_CONFIRM |
| https://lists.dns-oarc.net/pipermail/dns-operatio… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/07/06/4 | mailing-listx_refsource_MLIST |
| http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_R… | x_refsource_CONFIRM |
| https://github.com/sischkg/xfer-limit/blob/master… | x_refsource_MISC |
Date Public
2016-07-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nsd-users] 20160809 NSD 4.1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T10:57:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[nsd-users] 20160809 NSD 4.1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6173",
"datePublished": "2017-02-09T15:00:00.000Z",
"dateReserved": "2016-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2978 (GCVE-0-2012-2978)
Vulnerability from nvd – Published: 2012-07-27 10:00 – Updated: 2024-08-06 19:50
VLAI
Summary
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/84097 | vdb-entryx_refsource_OSVDB |
| http://www.kb.cert.org/vuls/id/624931 | third-party-advisoryx_refsource_CERT-VN |
| http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/54606 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/49795 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/49997 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2515 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "84097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84097",
"refsource": "OSVDB",
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"name": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2978",
"datePublished": "2012-07-27T10:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1755 (GCVE-0-2009-1755)
Vulnerability from nvd – Published: 2009-05-22 01:00 – Updated: 2024-09-17 03:23
VLAI
Summary
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.nlnetlabs.nl/publications/NSD_vulnerab… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420 | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2009/05/19/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-22T01:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1755",
"datePublished": "2009-05-22T01:00:00.000Z",
"dateReserved": "2009-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:23:44.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-12490 (GCVE-0-2026-12490)
Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:41
VLAI
Title
Bypass of client certificate verification with transfer over TLS
Summary
When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.10.1 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:40:01.913311Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:41:18.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.10.1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Transfer security restrictions for client certificates can be bypassed completely if the attacker can match the other access control conditions, and the tls-auth-xfr-only option is not explicitly set to yes (which it by default is not)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306: Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:41.814Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12490.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-16T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-17T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Bypass of client certificate verification with transfer over TLS",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12490",
"datePublished": "2026-06-25T05:24:41.814Z",
"dateReserved": "2026-06-17T06:44:23.686Z",
"dateUpdated": "2026-06-25T12:41:18.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12246 (GCVE-0-2026-12246)
Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
VLAI
Title
Out of bounds stack write with crafted APL RR
Summary
NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.14.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:41:56.092027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:42:05.428Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
},
{
"lang": "en",
"type": "finder",
"value": "Haruki Oyama from Waseda University"
},
{
"lang": "en",
"type": "finder",
"value": "zhangph"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Processing of a zone containing a crafted APL can crash NSD when writing the zone to disk. These zones can be provided by a trusted primary"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:29.512Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12246.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Haruki Oyama"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch with Qifan Zhang and Haruki Oyama"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Haruki Oyama verifies patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-16T00:00:00.000Z",
"value": "Issue reported by zhangph"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch with zhangph"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Out of bounds stack write with crafted APL RR",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12246",
"datePublished": "2026-06-25T05:24:29.512Z",
"dateReserved": "2026-06-15T06:47:44.761Z",
"dateUpdated": "2026-06-25T12:42:05.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12245 (GCVE-0-2026-12245)
Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:42
VLAI
Title
Denial of DNS over TLS service by any DoT client
Summary
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.13.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:42:22.635356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:42:50.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.13.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:18.620Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Denial of DNS over TLS service by any DoT client",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12245",
"datePublished": "2026-06-25T05:24:18.620Z",
"dateReserved": "2026-06-15T06:47:18.496Z",
"dateUpdated": "2026-06-25T12:42:50.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12244 (GCVE-0-2026-12244)
Vulnerability from cvelistv5 – Published: 2026-06-25 05:24 – Updated: 2026-06-25 12:45
VLAI
Title
Heap overflow and crash with crafted SVCB RR
Summary
If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-1… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NLnet Labs | NSD |
Affected:
4.14.0 , < 4.14.3
(semver)
|
Date Public
2026-06-25 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T12:45:15.927329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T12:45:34.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "NSD",
"vendor": "NLnet Labs",
"versions": [
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.14.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Qifan Zhang from Palo Alto Networks"
}
],
"datePublic": "2026-06-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let\u0027s an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size \u003e 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes"
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Processing of a zonefile containing a crafted SVCB. These can be provided by a trusted primary"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T05:24:08.548Z",
"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"shortName": "NLnet Labs"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is fixed starting with version 4.14.3."
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-28T00:00:00.000Z",
"value": "Issue reported by Qifan Zhang"
},
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "NLnet Labs shares patch"
},
{
"lang": "en",
"time": "2026-06-15T00:00:00.000Z",
"value": "Qifan Zhang verifies patch"
},
{
"lang": "en",
"time": "2026-06-25T00:00:00.000Z",
"value": "Fix released with version 4.14.3"
}
],
"title": "Heap overflow and crash with crafted SVCB RR",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6",
"assignerShortName": "NLnet Labs",
"cveId": "CVE-2026-12244",
"datePublished": "2026-06-25T05:24:08.548Z",
"dateReserved": "2026-06-15T06:46:44.866Z",
"dateUpdated": "2026-06-25T12:45:34.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2013-5661 (GCVE-0-2013-5661)
Vulnerability from cvelistv5 – Published: 2019-11-05 18:14 – Updated: 2024-08-06 17:15
VLAI
Summary
Cache Poisoning issue exists in DNS Response Rate Limiting.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
Date Public
2013-12-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:15:21.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-05T18:14:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cache Poisoning issue exists in DNS Response Rate Limiting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-5661"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2013-5661",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2013-5661"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5661",
"datePublished": "2019-11-05T18:14:31.000Z",
"dateReserved": "2013-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:15:21.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6173 (GCVE-0-2016-6173)
Vulnerability from cvelistv5 – Published: 2017-02-09 15:00 – Updated: 2024-08-06 01:22
VLAI
Summary
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://open.nlnetlabs.nl/pipermail/nsd-users/201… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/07/06/3 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/91678 | vdb-entryx_refsource_BID |
| https://www.nlnetlabs.nl/bugs-script/show_bug.cgi… | x_refsource_CONFIRM |
| https://lists.dns-oarc.net/pipermail/dns-operatio… | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2016/07/06/4 | mailing-listx_refsource_MLIST |
| http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_R… | x_refsource_CONFIRM |
| https://github.com/sischkg/xfer-limit/blob/master… | x_refsource_MISC |
Date Public
2016-07-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:22:20.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nsd-users] 20160809 NSD 4.1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-02-10T10:57:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[nsd-users] 20160809 NSD 4.1.11",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"name": "[oss-security] 20160706 Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"name": "91678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"name": "[dns-operations] 20160704 DNS activities in Japan",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html"
},
{
"name": "[oss-security] 20160706 Re: Malicious primary DNS servers can crash secondaries",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sischkg/xfer-limit/blob/master/README.md"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6173",
"datePublished": "2017-02-09T15:00:00.000Z",
"dateReserved": "2016-07-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T01:22:20.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2978 (GCVE-0-2012-2978)
Vulnerability from cvelistv5 – Published: 2012-07-27 10:00 – Updated: 2024-08-06 19:50
VLAI
Summary
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://osvdb.org/84097 | vdb-entryx_refsource_OSVDB |
| http://www.kb.cert.org/vuls/id/624931 | third-party-advisoryx_refsource_CERT-VN |
| http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/54606 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/49795 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/49997 | third-party-advisoryx_refsource_SECUNIA |
| http://www.debian.org/security/2012/dsa-2515 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2012-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:50:05.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "84097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2515"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-21T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "84097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2515"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "84097",
"refsource": "OSVDB",
"url": "http://osvdb.org/84097"
},
{
"name": "VU#624931",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/624931"
},
{
"name": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt"
},
{
"name": "54606",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54606"
},
{
"name": "49795",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49795"
},
{
"name": "49997",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49997"
},
{
"name": "DSA-2515",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2515"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2978",
"datePublished": "2012-07-27T10:00:00.000Z",
"dateReserved": "2012-05-30T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:50:05.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1755 (GCVE-0-2009-1755)
Vulnerability from cvelistv5 – Published: 2009-05-22 01:00 – Updated: 2024-09-17 03:23
VLAI
Summary
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.nlnetlabs.nl/publications/NSD_vulnerab… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420 | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2009/05/19/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-22T01:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529420"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529418"
},
{
"name": "[oss-security] 20090519 CVE id request: nsd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/19/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1755",
"datePublished": "2009-05-22T01:00:00.000Z",
"dateReserved": "2009-05-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:23:44.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201702-0037
Vulnerability from variot - Updated: 2025-04-20 19:35NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nsd",
"scope": "lte",
"trust": 1.0,
"vendor": "nlnetlabs",
"version": "4.1.10"
},
{
"model": "nsd",
"scope": "lt",
"trust": 0.8,
"vendor": "stichting nlnet",
"version": "4.1.11"
},
{
"model": "nsd",
"scope": "eq",
"trust": 0.6,
"vendor": "nlnetlabs",
"version": "4.1.10"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.4.7"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.4.6"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.4.5"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.4.4"
},
{
"model": "authoritative server",
"scope": "eq",
"trust": 0.3,
"vendor": "powerdns",
"version": "3.4"
},
{
"model": "nsd",
"scope": "eq",
"trust": 0.3,
"vendor": "nsd",
"version": "0"
},
{
"model": "dns knot dns",
"scope": "eq",
"trust": 0.3,
"vendor": "knot",
"version": "0"
},
{
"model": "authoritative server",
"scope": "ne",
"trust": 0.3,
"vendor": "powerdns",
"version": "4.0.0"
}
],
"sources": [
{
"db": "BID",
"id": "91678"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:nlnet_labs:nsd",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "91678"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6173",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6173",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6173",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6173",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6173",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-081",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Multiple DNS Servers are prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "BID",
"id": "91678"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6173",
"trust": 2.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/07/06/3",
"trust": 1.6
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/07/06/4",
"trust": 1.6
},
{
"db": "BID",
"id": "91678",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "91678"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"id": "VAR-201702-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.18333334
},
"last_update_date": "2025-04-20T19:35:47.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug 790",
"trust": 0.8,
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"title": "NSD RELEASE NOTES",
"trust": 0.8,
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES"
},
{
"title": "[nsd-users] NSD 4.1.11",
"trust": 0.8,
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html"
},
{
"title": "NSD Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62673"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://github.com/sischkg/xfer-limit/blob/master/readme.md"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/3"
},
{
"trust": 1.6,
"url": "http://www.nlnetlabs.nl/svn/nsd/tags/nsd_4_1_11_rel/doc/relnotes"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2016/07/06/4"
},
{
"trust": 1.6,
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790"
},
{
"trust": 1.6,
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015058.html"
},
{
"trust": 1.6,
"url": "https://open.nlnetlabs.nl/pipermail/nsd-users/2016-august/002342.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/91678"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6173"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6173"
},
{
"trust": 0.3,
"url": "https://github.com/powerdns/pdns/pull/4133"
},
{
"trust": 0.3,
"url": "https://lists.dns-oarc.net/pipermail/dns-operations/2016-july/015073.html"
}
],
"sources": [
{
"db": "BID",
"id": "91678"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "91678"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "BID",
"id": "91678"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"date": "2016-07-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"date": "2017-02-09T15:59:01.237000",
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-07T00:00:00",
"db": "BID",
"id": "91678"
},
{
"date": "2017-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007717"
},
{
"date": "2017-02-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-081"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-6173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NSD Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007717"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-081"
}
],
"trust": 0.6
}
}