oss-sec mailing list archives

Several vulnerabilities were found in NLnet Labs NSD


From: Willem Toorop <willem () nlnetlabs nl>
Date: Thu, 25 Jun 2026 12:20:30 +0200

Several vulnerabilities were found in NLnet Labs NSD.
We have released version 4.14.3 as a security release today, Thursday 25 June, with the fixes to these issues.

The overview of the vulnerabilities with a brief description is:

CVE-2026-12244 - severity: HIGH
Heap overflow and crash with crafted SVCB RR

CVE-2026-12245 - severity: HIGH
Denial of DNS over TLS service by any DoT client

CVE-2026-12246 - severity: HIGH
Out of bounds stack write with crafted APL RR

CVE-2026-12490 - severity: HIGH
Bypass of client certificate verification with transfer over TLS

You can find detailed information on each vulnerability attached to this email along with their respective patches.

For ease of deployment we also provide a combined patch including all of them (patch_combined-4.14.3.diff).

The patches are tested to apply/work on 4.14.2.


Best regards,
-- Willem, on behalf of the NSD team.

Attachment: CVE-2026-12244.txt
Attachment: patch_CVE-2026-12244.diff
Attachment: CVE-2026-12245.txt
Attachment: patch_CVE-2026-12245.diff
Attachment: CVE-2026-12246.txt
Attachment: patch_CVE-2026-12246.diff
Attachment: CVE-2026-12490.txt
Attachment: patch_CVE-2026-12490.diff
Attachment: patch_combined-4.14.3.diff

