CVE-2026-12245
Published 2026-06-25
CVE-2026-12245: NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered…
Priority: P3 · 41 · Severity: high, 7.5 (CVSS 3.1) · Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.27% (19.1th percentile)
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nlnet_labs | nsd | >= 4.13.0 < 4.14.3 | 4.14.3 |
| nlnetlabs | nsd | >= 4.13.0 < 4.14.3 | 4.14.3 |
| ubuntu | nsd | — | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_ubuntu | — | 8.7 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
VulDB
NLnet Labs NSD up to 4.14.2 TLS Connection use after free (EUVD-2026-39183 / Nessus ID 322955)
vuldb · 2026-06-26 · CVSS 7.5 · CVE-2026-12245 [HIGH]
A vulnerability was found in NLnet Labs NSD up to 4.14.2. It has been declared critical. This issue affects some unknown processing of the component TLS Connection Handler. The manipulation results in use after free.
This vulnerability is identified as CVE-2026-12245. The attack can be executed remotely. There is no exploit available.
It is recommended to upgrade the affected component.
GHSA
ghsa_unreviewed · 2026-06-25 · CVE-2026-12245 [HIGH] · CWE-416
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
Ubuntu
NSD vulnerabilities
vendor_ubuntu · 2026-06-25 · CVSS 8.7 · CVE-2026-12490 [HIGH]
Summary: NSD could be made to crash or run programs if it received specially crafted network traffic.
It was discovered that NSD incorrectly handled APL resource records with an address length larger than permitted for the address family. A remote attacker could use this to cause a stack-based buffer overflow when the zone is written to disk, potentially executing arbitrary code with the privileges of the NSD server. (CVE-2026-12246)
It was discovered that NSD incorrectly handled SVCB resource records. A remote attacker could use this to cause a heap overflow, potentially executing arbitrary code with the privileges of the NSD server. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-12244)
It was discovered that NSD had a use-after-free vulnerability in T
Red Hat
NSD: Denial of DNS over TLS service by any DoT client
vendor_redhat · 2026-06-25 · CVSS 7.5 · CVE-2026-12245 [HIGH] · CWE-617
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
A flaw was found in NSD. When NSD is configured with DNS over TLS (DoT), a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker can keep the server in a continuous crash-restart loop, leading to a denial of service for DoT clients.
Statement: This is an Important denial of service vulnerability in NSD wh
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-12245 nsd: Denial of DNS over TLS service by any DoT client [fedora-all]
bugzilla · 2026-06-29 · CVSS 7.5 · CVE-2026-12245 [HIGH]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best-effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
If NSD is configured with DNS over TLS, a client that performs a TLS action, closing the connection early, causes a crash and restart of the server process. An attacker can keep all children in a crash-restart loop denying DoT service.
Bugzilla
CVE-2026-12245 nsd: Denial of DNS over TLS service by any DoT client [epel-all]
bugzilla · 2026-06-29 · CVSS 7.5 · CVE-2026-12245 [HIGH]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best-effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
If NSD is configured with DNS over TLS, a client that performs a TLS action, closing the connection early, causes a crash and restart of the server process. An attacker can keep all children in a crash-restart loop denying DoT service.
Bugzilla
CVE-2026-12245 NSD: Denial of DNS over TLS service by any DoT client
bugzilla · 2026-06-22 · CVSS 7.5 · CVE-2026-12245 [HIGH]
If NSD is configured with DNS over TLS, a client that performs a TLS action, closing the connection early, causes a crash and restart of the server process. An attacker can keep all children in a crash-restart loop denying DoT service.