Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

NSD

Source -

CNA

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-12490
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-8.2||HIGH
EPSS-0.14% / 3.49%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 05:24
Updated-26 Jun, 2026 | 02:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass of client certificate verification with transfer over TLS

When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client certificate is needed when the request comes in over TLS over the regular tls-port (and not the tls-auth-port) or over over TCP over the regular port, when the other conditions of the provide-xfr rule match.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-nsdNSD
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2026-12246
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-7.2||HIGH
EPSS-0.24% / 14.42%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 05:24
Updated-26 Jun, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds stack write with crafted APL RR

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-nsdNSD
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-20
Improper Input Validation
CVE-2026-12245
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.69%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 05:24
Updated-26 Jun, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of DNS over TLS service by any DoT client

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-nsdNSD
CWE ID-CWE-416
Use After Free
CVE-2026-12244
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-8.7||HIGH
EPSS-0.26% / 17.42%
||
7 Day CHG~0.00%
Published-25 Jun, 2026 | 05:24
Updated-26 Jun, 2026 | 02:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap overflow and crash with crafted SVCB RR

If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted SVCB RR with an rdata size of 65512, that let's an (uint16_t) variable that is used to allocate space needed for the RR wrap (because total size > 65535), causing a heap overflow. The attacker can perform a controlled (RCE class) head write of up to 65509 bytes

Action-Not Available
Vendor-nlnetlabsNLnet Labs
Product-nsdNSD
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-28935
Assigner-NLnet Labs
ShareView Details
Assigner-NLnet Labs
CVSS Score-5.5||MEDIUM
EPSS-0.48% / 38.03%
||
7 Day CHG~0.00%
Published-07 Dec, 2020 | 21:46
Updated-16 Sep, 2024 | 23:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Local symlink attack in Unbound and NSD

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system.

Action-Not Available
Vendor-nlnetlabsNLnet LabsDebian GNU/Linux
Product-unboundname_server_daemondebian_linuxNSDUnbound
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')