CVE-2026-1678

dns: memory‑safety issue in the DNS name parser

CVSS 9.4 CRITICALEPSS 0.4%CWE-787

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.4EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

05 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Produtos afetados

zephyrproject-rtos · Zephyr

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-536f-h63g-hj42