diff --git a/CHANGES b/CHANGES index 48510a6319..2bf3b2ae7b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6246. [security] Fix use-after-free error in TLS DNS code when sending + data. (CVE-2023-4236) [GL #4242] + 6245. [security] Limit the amount of recursion that can be performed by isccc_cc_fromwire. (CVE-2023-3341) [GL #4152] diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index b01add6f21..9eb9a1c9ce 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst @@ -23,6 +23,15 @@ Security Fixes ISC would like to thank Eric Sesterhenn from X41 D-Sec GmbH for bringing this vulnerability to our attention. :gl:`#4152` +- Previously, it was possible to remotely trigger a use-after-free error + in the DNS-over-TLS transport code, specifically in the code + responsible for sending data to the remote peer. This has been fixed. + (CVE-2023-4236) + + ISC would like to thank Robert Story from USC/ISI Root Server + Operations for bringing this vulnerability to our attention. + :gl:`#4242` + New Features ~~~~~~~~~~~~
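Review bot: In the CHANGES hunk, entry 6246 names the affected component as "TLS DNS code", while the release note added for the same fix in doc/notes/notes-current.rst calls it the "DNS-over-TLS transport code". Use one term in both places, preferably the release-note wording, so that an operator searching the changelog for DNS-over-TLS finds this entry. The entry also says only "when sending data"; matching the release note's "sending data to the remote peer" would make the two descriptions line up.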
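Review bot: In the doc/notes/notes-current.rst hunk, the new bullet says the use-after-free could be triggered remotely but does not say which deployments are exposed or what an operator would observe when it happens. Consider adding one sentence that states the precondition (whether a DNS-over-TLS listener has to be configured for the code path to be reachable) and the visible effect on the server, so readers can decide how urgently to upgrade without opening the advisory. The visible lines touch only CHANGES and the release notes, so the wording cannot be checked against the code change here; please confirm it matches the actual fix for CVE-2023-4236.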