CVE-2026-12244 | If NSD is configured as secondary for a zone, the primary of… | CVSS 8.7 HIGH

Description

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes

Metadata

CVE ID: CVE-2026-12244
State: PUBLISHED
Assigner: NLnet Labs
Reserved: 2026-06-15 06:46 UTC
Published: 2026-06-25 05:24 UTC
Last updated: 2026-06-25 05:24 UTC
Primary CWE: CWE-190
CWE-190: Integer Overflow or Wraparound
Vendor / Product: NLnet Labs / NSD
Sources: cve.org · NVD

Severity & Metrics

8.7 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products (1)

Vendor	Product	Platform	Versions
NLnet Labs	NSD	—	4.14.0 < 4.14.3

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	CWE-122: Heap-based Buffer Overflow
CWE-190	cna	CWE-190: Integer Overflow or Wraparound

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.7	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

References (1)

https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12244.txt