Fedora Account System
Red Hat Associate
Red Hat Customer
NSEC/NSEC3 bitmap window iteration in dnssec.c advances by p[1] instead of p[1] + 2, missing the 2-byte window header. When bitmap_length=0, neither rdlen nor p change, creating an infinite loop. Two instances at dnssec.c:1290 and dnssec.c:1450. Reachable before RRSIG validation so no valid signatures are needed. One of the two sites was coincidentally fixed in 2.92. Fix: add +2 to both the pointer advance and rdlen decrement.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:19158 https://access.redhat.com/errata/RHSA-2026:19158
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:19373 https://access.redhat.com/errata/RHSA-2026:19373
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:20589 https://access.redhat.com/errata/RHSA-2026:20589
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.6 Extended Update Support Via RHSA-2026:34508 https://access.redhat.com/errata/RHSA-2026:34508