CVE Catalog

CVE-2026-12246

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

In NSD version 4.14.0, a bug was introduced where a specially crafted APL RR with an adflength larger than permitted for the address family overwrites the stack when the zone is written to disk, with a maximum of 111 attacker-controlled bytes.

Risk Assessment

An attacker can remotely cause a stack overflow, potentially leading to arbitrary code execution or denial of service of the NSD service, compromising the integrity and availability of the DNS server.

Recommendation

Immediately update NSD to version 4.14.1 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS