Fabre

#1134954 rust-hickory-recursor: CVE-2026-42254 #1134954

Package:: src:rust-hickory-recursor

Source:: src:rust-hickory-recursor

Submitter:: Moritz Mühlenhoff

Date:: 2026-04-26 11:53:03 UTC

Severity:: normal

Tags:

#1134954#5

Date:: 2026-04-26 11:19:35 UTC

From:

To:

Hi,

The following vulnerability was published for rust-hickory-recursor.

CVE-2026-42254[0]:
| Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone
| poisoning because cached data is not directly associated with a
| query that triggered a response.

https://rustsec.org/advisories/RUSTSEC-2026-0106.html
https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-83hf-93m4-rgwq


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42254
https://www.cve.org/CVERecord?id=CVE-2026-42254

Please adjust the affected versions in the BTS as needed.

#1134954 rust-hickory-recursor: CVE-2026-42254 #1134954

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)