PT-2026-35750 · Gnu · Gnu C Library

Published 2026-04-28 · Updated 2026-05-04 · CVE-2026-6238

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions

GNU C Library versions 2.2 through 2.33
GNU C Library version 2.34 (affected versions not specified)
Description

The deprecated functions ns_printrrf(), ns_printrr(), and fp_nquery() fail to validate RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY, or TSIG records. This lack of validation may allow an attacker to craft a DNS response that causes a target application to crash or read uninitialized memory. These functions are intended for application debugging and are not in the execution path of the DNS resolver.

Recommendations

Stop using the functions ns_printrrf(), ns_printrr(), and fp_nquery() and port applications away from these interfaces, as they are deprecated and may be removed in future versions.
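For applications that port away from these interfaces and decode records themselves, the following added example (not glibc code and not part of the original advisory) shows the kind of RDATA length check the description says is missing. It covers only LOC and CERT, with layouts taken from RFC 1876 and RFC 4398; the names rdata_ok and cert_key_tag and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper names. Layouts: LOC per RFC 1876, CERT per RFC 4398. */
enum { RR_LOC = 29, RR_CERT = 37, LOC_V0_LEN = 16, CERT_FIXED_LEN = 5 };

/* Return 0 when RDATA of `type` may be decoded field by field, -1 otherwise. */
int rdata_ok(const uint8_t *msg, size_t msglen, size_t off,
             uint16_t rdlength, uint16_t type)
{
    /* The RDATA span must lie inside the bytes actually received. */
    if (msg == NULL || off > msglen || (size_t)rdlength > msglen - off)
        return -1;
    switch (type) {
    case RR_LOC:
        /* Confirm the version octet exists before reading it; version 0 is
           exactly 16 octets, other versions are not decoded here. */
        if (rdlength < 1 || msg[off] != 0)
            return -1;
        return rdlength == LOC_V0_LEN ? 0 : -1;
    case RR_CERT:
        /* type(2) + key tag(2) + algorithm(1) precede the certificate. */
        return rdlength >= CERT_FIXED_LEN ? 0 : -1;
    default:
        return -1; /* record types this sketch does not cover */
    }
}

/* Read the CERT key tag only after the length check has passed. */
int cert_key_tag(const uint8_t *msg, size_t msglen, size_t off,
                 uint16_t rdlength, uint16_t *tag)
{
    if (rdata_ok(msg, msglen, off, rdlength, RR_CERT) != 0)
        return -1;
    *tag = (uint16_t)((msg[off + 2] << 8) | msg[off + 3]);
    return 0;
}

/* Constructed sample RDATA (not captured traffic). */
static const uint8_t loc_short[4] = { 0, 0x12, 0x16, 0x13 };
static const uint8_t cert_min[6]  = { 0, 1, 0xAB, 0xCD, 8, 0x30 };

int main(void)
{
    uint16_t tag = 0;
    printf("short LOC: %d\n", rdata_ok(loc_short, sizeof loc_short, 0, 4, RR_LOC));
    int rc = cert_key_tag(cert_min, sizeof cert_min, 0, 6, &tag);
    printf("CERT: rc=%d tag=0x%04X\n", rc, (unsigned)tag);
    return 0;
}
```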

Fix

Buffer Over-read

Weakness Enumeration

Related Identifiers

CVE-2026-6238
ECHO-916F-8705-1B52
RHSA-2026:12740

Affected Products

Gnu C Library