CVE-2026-12246

Summary

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

Affected Software

VendorProductVersion RangeStatus
NLnet LabsNSD4.14.0 < 4.14.3affected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input
  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References