PT-2026-23408 · Unknown · Dns Unpack Name

0Xkato · Published 2026-03-05 · Updated 2026-03-24 · CVE-2026-1678

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Zephyr RTOS (affected versions not specified)

Description

The dns_unpack_name() function mismanages buffer space when appending DNS labels, which can lead to an out-of-bounds write. The function caches the buffer tailroom and reuses that value, but the cached size becomes inaccurate as the buffer grows. When CONFIG_DNS_RESOLVER is enabled and assertions are disabled (the default configuration), a crafted malicious DNS response can trigger the issue. The write past the buffer's boundaries occurs when the function attempts to add the final null terminator. This could potentially lead to remote code execution (RCE) on IoT devices.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
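The stale-tailroom pattern from the description, next to a bounds check that re-reads the remaining space before every append, as an added example for auditing similar code. It is a simplified model and not Zephyr's source: struct nbuf, unpack(), overrun_after(), the sizes and the sample name are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CAP   16  /* logical buffer size (constructed value) */
#define GUARD 64  /* slack so the modelled overrun stays inside the C array */

struct nbuf { uint8_t mem[CAP + GUARD]; size_t len; };

static size_t tailroom(const struct nbuf *b) { return CAP - b->len; }

/* Append length-prefixed labels (0 length ends the name) as "a.b.c\0".
 * stale=1: check against tailroom cached at entry (pattern in the advisory).
 * stale=0: re-read tailroom per label and reserve the terminator byte.
 * Compression pointers are out of scope. Returns 0, or -1 if rejected. */
static int unpack(struct nbuf *b, const uint8_t *src, int stale)
{
    const size_t cached = tailroom(b);
    uint8_t n;

    while ((n = *src++) != 0) {
        size_t need = (b->len ? 1u : 0u) + n + 1u; /* '.' + label + '\0' */
        if (need > (stale ? cached : tailroom(b)))
            return -1;
        if (b->len)
            b->mem[b->len++] = '.';
        memcpy(&b->mem[b->len], src, n);
        b->len += n;
        src += n;
    }
    b->mem[b->len] = '\0'; /* final terminator; only safe if room was reserved */
    return 0;
}

/* Constructed input: three 10-byte labels, 32 characters once joined. */
static const uint8_t LONG_NAME[] =
    "\x0a" "aaaaaaaaaa" "\x0a" "bbbbbbbbbb" "\x0a" "cccccccccc";

/* Unpack into a fresh 0xAA-filled buffer; return bytes touched beyond CAP. */
static size_t overrun_after(const uint8_t *src, int stale, int *rc)
{
    struct nbuf b = { .len = 0 };
    size_t i, past = 0;

    memset(b.mem, 0xAA, sizeof(b.mem));
    *rc = unpack(&b, src, stale);
    for (i = CAP; i < CAP + GUARD; i++)
        if (b.mem[i] != 0xAA)
            past = i - CAP + 1;
    return past;
}
```

With the cached value every label is compared against the original 16 bytes, so the name is accepted and the model touches bytes beyond CAP; with the per-append check the second label is rejected and nothing past CAP changes.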

Exploit

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-1678
GHSA-536F-H63G-HJ42

Affected Products

Dns Unpack Name