CVE Catalog

CVE-2026-12245

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

In NSD from version 4.13.0, a heap use-after-free bug was found in logging errors on TLS connections. The vulnerability causes a crash of the server process, which can be easily triggered by sending a DNS query over a DoT connection and closing the connection without reading the response.

Risk Assessment

An attacker can remotely crash the DNS server, leading to service disruption (DoS) and potential loss of availability for users.

Recommendation

It is recommended to immediately update NSD to a version newer than 4.13.0, where this vulnerability has been fixed. If an update is not possible, consider temporarily disabling DoT support.

Original NVD description (English source)

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS