CVE-2026-12245
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
In NSD from version 4.13.0, a heap use-after-free bug was found in logging errors on TLS connections. The vulnerability causes a crash of the server process, which can be easily triggered by sending a DNS query over a DoT connection and closing the connection without reading the response.
Risk Assessment
An attacker can remotely crash the DNS server, leading to service disruption (DoS) and potential loss of availability for users.
Recommendation
It is recommended to immediately update NSD to a version newer than 4.13.0, where this vulnerability has been fixed. If an update is not possible, consider temporarily disabling DoT support.
Original NVD description (English source)
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

