CVE-2026-1678 CRITICAL

CVE-2026-1678: dns: memory‑safety issue in the DNS name parser

Vendor Zephyrproject-Rtos
Product Zephyr
Weakness CWE-787
Published March 5, 2026
Last update March 5, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.

Key dates

02Disclosure timeline

March 5, 2026 CVE published
March 5, 2026 Record updated