Search CVE reports


Toggle filters

11 – 20 of 52 results


CVE-2026-42005

Medium priority
Needs evaluation

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

3 affected packages

dnsdist, pdns, pdns-recursor

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pdns Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
pdns-recursor Not affected Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-12490

Medium priority
Fixed

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular...

1 affected package

nsd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nsd Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-12246

Medium priority

Some fixes available 5 of 6

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111...

1 affected package

nsd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nsd Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2026-12245

Medium priority

Some fixes available 1 of 2

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the...

1 affected package

nsd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nsd Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-12244

Medium priority

Some fixes available 1 of 2

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used...

1 affected package

nsd

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
nsd Fixed Not affected Not affected Not affected Not affected
Show less packages

CVE-2026-33602

Medium priority
Needs evaluation

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.

1 affected package

dnsdist

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-33599

Medium priority
Needs evaluation

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.

1 affected package

dnsdist

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-33598

Medium priority
Needs evaluation

A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.

1 affected package

dnsdist

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-33597

Medium priority
Needs evaluation

PRSD detection denial of service

1 affected package

dnsdist

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-33596

Medium priority
Needs evaluation

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.

1 affected package

dnsdist

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
dnsdist Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages