Denial of Service Vulnerability in Zephyr's DNS Resolver
CVE-2026-10657

3.7LOW

Key Information:

Status
Vendor
CVE Published:
5 July 2026

What is CVE-2026-10657?

The vulnerability in Zephyr's DNS resolver arises from improper handling of mDNS (.local) queries. When the final label of the resolved hostname is shorter than the expected 7 bytes, the DNS resolver attempts to perform a comparison that reads past the end of the string. This buffer over-read can lead to a denial of service if it crosses an unmapped memory boundary. The issue particularly affects configurations where CONFIG_MDNS_RESOLVER is enabled and is present from version 1.10.0. The flaw can be mitigated by ensuring safer comparison handling to prevent reading beyond allocated memory.

Affected Version(s)

zephyr 1.10.0 < 4.5.0

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.