CVE Catalog

CVE-2026-42387

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Summary

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation.

Risk Assessment

An attacker can cause the recursive server to crash, leading to denial of DNS services for users.

Recommendation

Update the Recursor software to the latest version that includes fixes for input validation in the ZoneToCache function.

Original NVD description (English source)

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS