Skip to main content

Nsd

6 CVEs product

Monthly

CVE-2026-12490 HIGH PATCH This Week

Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Nsd Red Hat Suse
NVD VulDB
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-12246 HIGH PATCH This Week

Stack buffer overflow in NSD 4.14.0 (NLnet Labs authoritative DNS server) allows a party able to introduce zone data to overwrite up to 111 attacker-controlled bytes on the stack when a specially crafted APL resource record - carrying an adflength larger than the address family permits - is serialized as the zone is written to disk. Per the CVSS 4.0 vector (PR:L), exploitation requires low privileges and yields high integrity and availability impact, consistent with memory corruption leading to crash or potential code execution. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Nsd Red Hat Suse
NVD VulDB
CVSS 4.0
7.2
EPSS
0.2%
CVE-2026-12245 HIGH PATCH This Week

Remote denial-of-service in NLnet Labs NSD (authoritative DNS name server) version 4.13.0 and later allows an unauthenticated attacker to crash the server process by exploiting a heap use-after-free in the TLS error-logging path. By sending a DNS query over a DNS-over-TLS (DoT) connection and closing the socket before reading the response, an attacker triggers the freed-memory access trivially; no public exploit identified at time of analysis, and the issue is not in CISA KEV. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity exposure.

Memory Corruption Denial Of Service Use After Free Nsd Red Hat +1
NVD VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-12244 HIGH PATCH This Week

Heap overflow in NLnet Labs NSD allows a malicious or compromised zone primary to corrupt memory on a secondary (slave) NSD instance by sending an AXFR transfer containing a crafted SVCB resource record. An rdata size of 65512 causes a uint16_t length variable used for RR allocation to wrap (total size exceeds 65535), producing an undersized buffer and a controlled out-of-bounds write of up to 65509 bytes - an RCE-class primitive (CWE-190 integer overflow leading to heap overflow). No public exploit identified at time of analysis, but the controlled write and remote network vector (CVSS 4.0 base 8.7) make this a high-priority patch for any operator running NSD as a secondary.

Integer Overflow Denial Of Service Nsd Red Hat Suse
NVD VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2016-6173 HIGH This Week

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nsd
NVD GitHub
CVSS 3.0
7.5
EPSS
3.4%
CVE-2012-2978 MEDIUM This Month

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nsd
NVD
CVSS 2.0
5.0
EPSS
1.4%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Zone-transfer authentication bypass in NLnet Labs NSD allows unauthorized secondaries to obtain full zone contents without presenting the required TLS client certificate. Although a provide-xfr rule specifies a tls-auth-name (mandating client-certificate authentication), NSD only enforces this on the dedicated tls-auth-port; requests arriving over plain TCP on the regular port or over TLS on the regular tls-port are served when the remaining provide-xfr conditions match, defeating mutual-TLS access control. Reported by NLnet Labs with CVSS 4.0 8.2; no public exploit identified at time of analysis and not listed in CISA KEV.

Authentication Bypass Nsd Red Hat +1
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Stack buffer overflow in NSD 4.14.0 (NLnet Labs authoritative DNS server) allows a party able to introduce zone data to overwrite up to 111 attacker-controlled bytes on the stack when a specially crafted APL resource record - carrying an adflength larger than the address family permits - is serialized as the zone is written to disk. Per the CVSS 4.0 vector (PR:L), exploitation requires low privileges and yields high integrity and availability impact, consistent with memory corruption leading to crash or potential code execution. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Buffer Overflow Nsd Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Remote denial-of-service in NLnet Labs NSD (authoritative DNS name server) version 4.13.0 and later allows an unauthenticated attacker to crash the server process by exploiting a heap use-after-free in the TLS error-logging path. By sending a DNS query over a DNS-over-TLS (DoT) connection and closing the socket before reading the response, an attacker triggers the freed-memory access trivially; no public exploit identified at time of analysis, and the issue is not in CISA KEV. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity exposure.

Memory Corruption Denial Of Service Use After Free +3
NVD VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Heap overflow in NLnet Labs NSD allows a malicious or compromised zone primary to corrupt memory on a secondary (slave) NSD instance by sending an AXFR transfer containing a crafted SVCB resource record. An rdata size of 65512 causes a uint16_t length variable used for RR allocation to wrap (total size exceeds 65535), producing an undersized buffer and a controlled out-of-bounds write of up to 65509 bytes - an RCE-class primitive (CWE-190 integer overflow leading to heap overflow). No public exploit identified at time of analysis, but the controlled write and remote network vector (CVSS 4.0 base 8.7) make this a high-priority patch for any operator running NSD as a secondary.

Integer Overflow Denial Of Service Nsd +2
NVD VulDB
EPSS 3% CVSS 7.5
HIGH This Week

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nsd
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM This Month

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nsd
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy