Nlnetlabs

Nsd

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.14%
  • Veröffentlicht 25.06.2026 05:24:41
  • Zuletzt bearbeitet 26.06.2026 02:08:03

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the...

  • EPSS 0.24%
  • Veröffentlicht 25.06.2026 05:24:29
  • Zuletzt bearbeitet 26.06.2026 02:07:47

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

  • EPSS 0.26%
  • Veröffentlicht 25.06.2026 05:24:18
  • Zuletzt bearbeitet 26.06.2026 02:07:41

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without readi...

  • EPSS 0.26%
  • Veröffentlicht 25.06.2026 05:24:08
  • Zuletzt bearbeitet 26.06.2026 02:07:23

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space ne...

  • EPSS 3.45%
  • Veröffentlicht 05.11.2019 19:15:10
  • Zuletzt bearbeitet 21.11.2024 01:57:54

Cache Poisoning issue exists in DNS Response Rate Limiting.

  • EPSS 2.92%
  • Veröffentlicht 09.02.2017 15:59:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.

  • EPSS 9.24%
  • Veröffentlicht 27.07.2012 10:27:49
  • Zuletzt bearbeitet 16.06.2026 23:42:27

query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.

  • EPSS 3.16%
  • Veröffentlicht 22.05.2009 11:52:40
  • Zuletzt bearbeitet 16.06.2026 23:07:59

Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified v...