{"id":"CVE-2026-12245","details":"NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response.","modified":"2026-07-15T06:01:19.461375Z","published":"2026-06-25T07:16:45.080Z","references":[{"type":"FIX","url":"https://www.nlnetlabs.nl/downloads/nsd/CVE-2026-12245.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/nsd","events":[{"introduced":"559013e8371cb645cd4150d41401823ad3789124"},{"fixed":"fc930b88cb4f628defae9835449065945bda7ddc"}],"database_specific":{"cpe":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.13.0"},{"fixed":"4.14.3"}],"source":"CPE_RANGE"}}],"versions":["NSD_4_14_2_REL","NSD_4_14_2_RC1","NSD_4_14_1_REL","NSD_4_14_1_RC1","list","NSD_4_14_0_RC1","NSD_4_13_0_REL"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-12245.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}