rpm package
almalinux/unbound-devel
pkg:rpm/almalinux/unbound-devel
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5994 | High | — | | < 1.16.2-19.el9_6.1 | 1.16.2-19.el9_6.1 | Jul 16, 2025 | A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along |
| CVE-2024-8508 | | — | | < 1.16.2-8.el9_5.1 | 1.16.2-8.el9_5.1 | Oct 3, 2024 | NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying |
| CVE-2024-1488 | | — | | < 1.16.2-3.el9_3.5 | 1.16.2-3.el9_3.5 | Feb 15, 2024 | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This fla |
| CVE-2023-50868 | | — | | < 1.16.2-5.el8_9.2 | 1.16.2-5.el8_9.2 | Feb 14, 2024 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51 |
| CVE-2023-50387 | | — | | < 1.16.2-5.el8_9.2 | 1.16.2-5.el8_9.2 | Feb 14, 2024 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man |
| CVE-2022-3204 | | — | | < 1.16.2-3.el9 | 1.16.2-3.el9 | Sep 26, 2022 | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer |
| CVE-2022-30699 | | — | | < 1.16.2-2.el8 | 1.16.2-2.el8 | Aug 1, 2022 | NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire |
| CVE-2022-30698 | | — | | < 1.16.2-2.el8 | 1.16.2-2.el8 | Aug 1, 2022 | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in |