<Vulnerability name="CVE-2026-12245">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Important</ThreatSeverity>
    <PublicDate>2026-06-25T00:00:00</PublicDate>
    <Bugzilla id="2491588" url="https://bugzilla.redhat.com/show_bug.cgi?id=2491588" xml:lang="en:us">
NSD: Denial of DNS over TLS service by any DoT client
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>7.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-617</CWE>
    <Details xml:lang="en:us" source="Mitre">
NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in NSD. When NSD is configured with DNS over TLS (DoT), a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker can keep the server in a continuous crash-restart loop, leading to a denial of service for DoT clients.
    </Details>
    <Statement xml:lang="en:us">
This is an Important denial of service vulnerability in NSD when configured for DNS over TLS (DoT). A remote, unauthenticated attacker can trigger a server crash and restart by prematurely closing a TLS connection, leading to a continuous crash-restart loop and denying DoT service to legitimate clients. This impact is significant for environments relying on DoT for secure DNS resolution.

This vulnerability doesn't affect any supported Red Hat Product.
    </Statement>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-12245
https://nvd.nist.gov/vuln/detail/CVE-2026-12245
    </References>
</Vulnerability>