Buffer overread in ns_printrrf with corrupted RDATA field

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the
GNU C Library version 2.2 and newer fail to validate the RDATA content
against the RDATA length in a DNS response when processing LOC, CERT,
TKEY or TSIG records.  This may allow an attacker to craft a DNS
response that causes a target application to crash or read
uninitialized memory.

These functions are for application debugging only and hence not in the
path of code executed by the DNS resolver.  Further, they have been
deprecated since version 2.34 and should not be used by any new
applications.  Applications should consider porting away from these
interfaces since they may be removed in future versions.
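
As an added illustration (not glibc code and not part of the original advisory), the RDATA-length validation whose absence is described above is shown here for two of the affected record types. The helper names are hypothetical, the sample bytes are constructed, and the layouts assumed are CERT from RFC 4398 and LOC version 0 from RFC 1876.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical helpers for illustration; these are not glibc interfaces. */
struct cursor { const uint8_t *p; size_t left; };
struct cert_rr { uint16_t type, key_tag; uint8_t alg; size_t cert_len; };
/* Constructed samples: CERT (type 1, key tag 0x1234, algorithm 5, 2 data octets); LOC version 0. */
static const uint8_t sample_cert[] = { 0x00, 0x01, 0x12, 0x34, 0x05, 0xAA, 0xBB };
static const uint8_t sample_loc[16] = { 0 };

/* Read an n-octet big-endian field (n <= 4), failing rather than reading past RDLENGTH. */
static int get_be(struct cursor *c, size_t n, uint32_t *out)
{
    uint32_t v = 0;
    if (n > c->left)
        return -1;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | c->p[i];
    c->p += n;
    c->left -= n;
    *out = v;
    return 0;
}

/* CERT: type(2) key_tag(2) algorithm(1), then certificate data to the end of RDATA. */
int parse_cert(const uint8_t *rdata, size_t rdlen, struct cert_rr *out)
{
    struct cursor c = { rdata, rdlen };
    uint32_t type, tag, alg;
    if (get_be(&c, 2, &type) || get_be(&c, 2, &tag) || get_be(&c, 1, &alg))
        return -1; /* RDATA is shorter than the fixed header */
    *out = (struct cert_rr){ (uint16_t)type, (uint16_t)tag, (uint8_t)alg, c.left };
    return 0;
}

/* LOC version 0 is exactly 16 octets; the length is checked before octet 0 is read. */
int loc_rdata_ok(const uint8_t *rdata, size_t rdlen)
{
    return rdlen == 16 && rdata[0] == 0;
}

int main(void)
{
    struct cert_rr r;
    printf("CERT full=%d truncated=%d\n", parse_cert(sample_cert, sizeof sample_cert, &r),
           parse_cert(sample_cert, 4, &r));
    printf("LOC 16=%d 15=%d\n", loc_rdata_ok(sample_loc, 16), loc_rdata_ok(sample_loc, 15));
    return 0;
}
```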

CVE-Id: CVE-2026-6238
Public-Date: 2026-04-11
Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2)
