rpm package
opensuse/unbound&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/unbound&distro=openSUSE%20Tumbleweed
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-30698 | — | < 1.16.2-1.1 | 1.16.2-1.1 | Aug 1, 2022 | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in | ||
| CVE-2020-28935 | — | < 1.13.2-1.2 | 1.13.2-1.2 | Dec 7, 2020 | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis | ||
| CVE-2020-12662 | — | < 1.13.2-1.2 | 1.13.2-1.2 | May 19, 2020 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||
| CVE-2020-12663 | — | < 1.13.2-1.2 | 1.13.2-1.2 | May 19, 2020 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | ||
| CVE-2019-18934 | — | < 1.13.2-1.2 | 1.13.2-1.2 | Nov 19, 2019 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in t | ||
| CVE-2019-16866 | — | < 1.13.2-1.2 | 1.13.2-1.2 | Oct 3, 2019 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | ||
| CVE-2017-15105 | Med | 5.3 | < 1.13.2-1.2 | 1.13.2-1.2 | Jan 23, 2018 | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | |
| CVE-2014-8602 | — | < 1.5.10-1.1 | 1.5.10-1.1 | Dec 11, 2014 | iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. |
- CVE-2022-30698Aug 1, 2022affected < 1.16.2-1.1fixed 1.16.2-1.1
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in
- CVE-2020-28935Dec 7, 2020affected < 1.13.2-1.2fixed 1.13.2-1.2
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis
- CVE-2020-12662May 19, 2020affected < 1.13.2-1.2fixed 1.13.2-1.2
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
- CVE-2020-12663May 19, 2020affected < 1.13.2-1.2fixed 1.13.2-1.2
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
- CVE-2019-18934Nov 19, 2019affected < 1.13.2-1.2fixed 1.13.2-1.2
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in t
- CVE-2019-16866Oct 3, 2019affected < 1.13.2-1.2fixed 1.13.2-1.2
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
- affected < 1.13.2-1.2fixed 1.13.2-1.2
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
- CVE-2014-8602Dec 11, 2014affected < 1.5.10-1.1fixed 1.5.10-1.1
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Page 2 of 2