Hickory DNS versions 0.1 through 0.25.2 suffer from a CWE-706 vulnerability where cached DNS data is not correctly linked to the originating query. This flaw enables cross-zone poisoning, meaning that DNS responses from one zone could be incorrectly served in response to queries from another zone. The vulnerability has a CVSS 3.1 base score of 4.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N), reflecting a network attack vector with high attack complexity, no privileges required, no user interaction, and a scope change. The impact is limited to integrity loss without affecting confidentiality or availability. No patch or official remediation is currently documented.

The vulnerability allows an attacker to poison DNS cache entries across zones, potentially causing incorrect DNS resolutions. This impacts the integrity of DNS responses but does not affect confidentiality or availability. No known exploits exist in the wild, and the attack complexity is high, reducing the likelihood of widespread exploitation.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or workaround is documented, users should monitor vendor communications for updates. Until a fix is available, cautious deployment and limiting exposure of vulnerable versions may reduce risk.