Skip to main content

Ldns

4 CVEs product

Monthly

CVE-2026-10846 HIGH PATCH This Week

Off-path DNS response spoofing in NLnet Labs ldns 1.2.0 through 1.9.0 allows remote attackers to inject forged answers into applications that use the library as a UDP stub resolver, including the bundled drill tool. The library fails to validate the response source address/port, the query transaction ID, and the question section against the original query, making cache and answer poisoning feasible without on-path positioning. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.2 reflects high integrity impact on any downstream application that trusted ldns to validate DNS answers.

Information Disclosure Ldns Suse
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2017-1000232 CRITICAL POC Act Now

A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ldns
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2017-1000231 CRITICAL PATCH Act Now

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ldns
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2014-3209 LOW Monitor

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ldns
NVD
CVSS 2.0
2.1
EPSS
0.2%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Off-path DNS response spoofing in NLnet Labs ldns 1.2.0 through 1.9.0 allows remote attackers to inject forged answers into applications that use the library as a UDP stub resolver, including the bundled drill tool. The library fails to validate the response source address/port, the query transaction ID, and the question section against the original query, making cache and answer poisoning feasible without on-path positioning. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.2 reflects high integrity impact on any downstream application that trusted ldns to validate DNS answers.

Information Disclosure Ldns Suse
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ldns
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ldns
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ldns
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy