{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12245", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "state": "PUBLISHED", "assignerShortName": "NLnet Labs", "dateReserved": "2026-06-15T06:47:18.496Z", "datePublished": "2026-06-25T05:24:18.620Z", "dateUpdated": "2026-06-25T12:42:50.104Z"}, "containers": {"cna": {"title": "Denial of DNS over TLS service by any DoT client", "references": [{"tags": ["vendor-advisory"], "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"}], "solutions": [{"lang": "en", "value": "This issue is fixed starting with version 4.14.3."}], "affected": [{"defaultStatus": "unaffected", "product": "NSD", "vendor": "NLnet Labs", "versions": [{"version": "4.13.0", "lessThan": "4.14.3", "status": "affected", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Qifan Zhang from Palo Alto Networks"}], "timeline": [{"lang": "en", "time": "2026-05-28T00:00:00.000Z", "value": "Issue reported by Qifan Zhang"}, {"lang": "en", "time": "2026-06-12T00:00:00.000Z", "value": "NLnet Labs shares patch"}, {"lang": "en", "time": "2026-06-15T00:00:00.000Z", "value": "Qifan Zhang verifies patch"}, {"lang": "en", "time": "2026-06-25T00:00:00.000Z", "value": "Fix released with version 4.14.3"}], "datePublic": "2026-06-25T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."}], "metrics": [{"scenarios": [{"lang": "en", "value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"}], "cvssV4_0": {"baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en", "type": "CWE"}]}], "x_generator": {"engine": "cvelib 1.8.0"}, "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-06-25T05:24:18.620Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T12:42:22.635356Z", "id": "CVE-2026-12245", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T12:42:50.104Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T12:42:22.635356Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T12:42:36.299Z"}}], "cna": {"title": "Denial of DNS over TLS service by any DoT client", "credits": [{"lang": "en", "type": "finder", "value": "Qifan Zhang from Palo Alto Networks"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}, "scenarios": [{"lang": "en", "value": "Any client with access to the DoT port (853) can keep all iserve children in a crash-restart loop denying DoT service"}]}], "affected": [{"vendor": "NLnet Labs", "product": "NSD", "versions": [{"status": "affected", "version": "4.13.0", "lessThan": "4.14.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-05-28T00:00:00.000Z", "value": "Issue reported by Qifan Zhang"}, {"lang": "en", "time": "2026-06-12T00:00:00.000Z", "value": "NLnet Labs shares patch"}, {"lang": "en", "time": "2026-06-15T00:00:00.000Z", "value": "Qifan Zhang verifies patch"}, {"lang": "en", "time": "2026-06-25T00:00:00.000Z", "value": "Fix released with version 4.14.3"}], "solutions": [{"lang": "en", "value": "This issue is fixed starting with version 4.14.3."}], "datePublic": "2026-06-25T00:00:00.000Z", "references": [{"url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416: Use After Free"}]}], "providerMetadata": {"orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs", "dateUpdated": "2026-06-25T05:24:18.620Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12245", "state": "PUBLISHED", "dateUpdated": "2026-06-25T12:42:50.104Z", "dateReserved": "2026-06-15T06:47:18.496Z", "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "datePublished": "2026-06-25T05:24:18.620Z", "assignerShortName": "NLnet Labs"}, "dataVersion": "5.2"}

{}

{"bugzilla": {"description": "NSD: Denial of DNS over TLS service by any DoT client", "id": "2491588", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491588"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-617", "details": ["NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.", "A flaw was found in NSD. When NSD is configured with DNS over TLS (DoT), a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker can keep the server in a continuous crash-restart loop, leading to a denial of service for DoT clients."], "name": "CVE-2026-12245", "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12245\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12245"], "statement": "This is an Important denial of service vulnerability in NSD when configured for DNS over TLS (DoT). A remote, unauthenticated attacker can trigger a server crash and restart by prematurely closing a TLS connection, leading to a continuous crash-restart loop and denying DoT service to legitimate clients. This impact is significant for environments relying on DoT for secure DNS resolution.\nThis vulnerability doesn't affect any supported Red Hat Product.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.13.0,4.14.3)"}}], "enrichment": {"confidence": 96.0, "confidence_source": "matching", "scores": [{"score": 96.0, "source": "matching"}]}, "original": {"product": "NSD", "source": "cna", "vendor": "NLnet Labs"}, "product": "nsd", "vendor": "nlnetlabs"}], "created": "2026-06-25T07:30:17.062993+00:00", "updated": "2026-06-30T03:30:05.202984+00:00", "vendors": ["nlnetlabs", "nlnetlabs$PRODUCT$nsd"]}