Skip to main content

NSD CVE-2026-12245

| EUVDEUVD-2026-39183 HIGH
Use After Free (CWE-416)
2026-06-25 NLnet Labs GHSA-rcp9-2p4r-m2hm
8.7
CVSS 4.0 · Vendor: NLnet Labs
Share

Severity by source

Vendor (NLnet Labs) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Remote, low-complexity, unauthenticated trigger with no user interaction; impact is a server crash, so availability-only (A:H) with no confidentiality or integrity effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
HIGH
qualitative
Red Hat
7.5 HIGH
qualitative

Primary rating from Vendor (NLnet Labs).

CVSS VectorVendor: NLnet Labs

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 08:01 EUVD
Analysis Generated
Jun 25, 2026 - 07:00 vuln.today

DescriptionCVE.org

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

AnalysisAI

Remote denial-of-service in NLnet Labs NSD (authoritative DNS name server) version 4.13.0 and later allows an unauthenticated attacker to crash the server process by exploiting a heap use-after-free in the TLS error-logging path. By sending a DNS query over a DNS-over-TLS (DoT) connection and closing the socket before reading the response, an attacker triggers the freed-memory access trivially; no public exploit identified at time of analysis, and the issue is not in CISA KEV. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Open DoT connection to NSD:853
Delivery
Send DNS query over TLS
Exploit
Close socket before reading response
Execution
Trigger error-logging use-after-free
Impact
NSD process crashes (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target NSD instance (version 4.13.0 or later) is configured to serve DNS over TLS (DoT) and is reachable on its TLS listener (typically TCP/853); the attacker sends a DNS query over that DoT connection and closes the socket before reading the response. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment All available signals point to a real, easily-triggered denial-of-service risk against DoT-enabled NSD deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker opens a DNS-over-TLS connection to a public-facing NSD authoritative server on port 853, sends a single DNS query, and immediately closes the connection without reading the response, causing NSD to hit the use-after-free in its error-logging path and crash. Repeating this drops the authoritative DNS service for all hosted zones; because no authentication or user interaction is required, the attack can be fully scripted, though no public exploit code has been identified.
Remediation Upgrade NSD to the fixed release identified in the NLnet Labs advisory at https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt; an exact patched version was not provided in the input data and must be taken from that advisory (do not assume a version number). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit inventory for NSD 4.13.0+ instances in production; confirm DNS failover capacity and secondary nameserver readiness. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important

Share

CVE-2026-12245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy