Nic

Products by Nic Sorted by Most Security Vulnerabilities since 2018

Nic Knot Resolver: 13 vulnerabilities

Nic Bird: 3 vulnerabilities

Nic Foris: 1 vulnerability

By the Year

In 2026 there has been 1 vulnerability in Nic, with an average score of 6.3 out of ten. Nic did not have any published security vulnerabilities last year. That is, 1 more vulnerability has already been reported in 2026 than in all of last year.




Year Vulnerabilities Average Score
2026 1 6.30
2025 0 0.00
2024 1 7.50
2023 2 7.50
2022 2 6.40
2021 4 7.90
2020 1 7.50
2019 4 7.50
2018 2 3.70

It may take a day or so for new Nic vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Nic Security Vulnerabilities

CVE-2026-49943 | Jun 02, 2026 | Products: Bird
CZ.NIC BIRD <=2.19.0 BGP AS_PATH Stack Buffer Overflow
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH segments from a received BGP UPDATE without enforcing a corresponding capacity limit. When RFC 8654 BGP Extended Messages are enabled and a BIRD filter evaluates an AS path mask expression such as "bgp_path ~ [= ... =]", an established BGP peer can send a long AS_PATH containing more than 2048 expanded ASNs. This causes parse_path()/as_path_match() to write beyond the fixed stack buffer, resulting in a crash of the daemon. NOTE: reportedly, the Supplier's position is that a fix is not being prioritized because all network operators should already be rejecting routes with unusually long attributes.

CVE-2023-50387 | Feb 14, 2024 | Products: Knot Resolver
DNSSEC KeyTrap DoS via DNSKEY/RRSIG overevaluation in BIND 9
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

CVE-2023-46317 | Oct 22, 2023 | Products: Knot Resolver
Knot Resolver <=5.6.9 TCP reconnection loop on nonsensical DNS replies
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.

CVE-2023-26249 | Feb 21, 2023 | Products: Knot Resolver
Resource Exhaustion DoS in Knot Resolver <5.6 via TCP Amplification
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.

CVE-2022-40188 | Sep 23, 2022 | Products: Knot Resolver
Knot Resolver <5.5.3 DNS NS Set DDoS via Complexity
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

CVE-2022-32983 | Jun 20, 2022 | Products: Knot Resolver
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.

CVE-2021-40083 | Aug 25, 2021 | Products: Knot Resolver
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

CVE-2021-26928 | Jun 04, 2021 | Products: Bird
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera's area of responsibility; however, Tigera disagrees.

CVE-2018-1110 | Mar 30, 2021 | Products: Knot Resolver
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

CVE-2021-3346 | Jan 29, 2021 | Products: Foris
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).