GHSA-rcp9-2p4r-m2hmHighCVSS 7.5

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections,...

Published
June 25, 2026
Last Modified
June 26, 2026

🔗 CVE IDs covered (1)

📋 Description

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.

🔗 References (3)