CVE Catalog

CVE-2026-12244

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

22th percentile — higher than 22% of all known CVEs

Summary

A vulnerability in NSD allows an attacker acting as a primary server for a zone to cause a heap overflow by sending an AXFR response containing a specially crafted SVCB record with an rdata size of 65512 bytes. This causes a uint16_t variable used for memory allocation to wrap, leading to a write beyond the allocated buffer.

Risk Assessment

An attacker can remotely execute arbitrary code (RCE) on the NSD server, potentially leading to full system compromise and impacting the confidentiality, integrity, and availability of DNS services.

Recommendation

Update NSD immediately to a version that fixes this vulnerability. Until then, restrict trusted primary servers for zones and implement validation mechanisms for AXFR responses.

Original NVD description (English source)

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes

Vulnerability data from NVD (NIST) · CISA KEV · EPSS