rpm package
suse/unbound&distro=SUSE Linux Enterprise Module for Package Hub 15 SP5
pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8508 | — | < 1.20.0-150100.10.19.1 | 1.20.0-150100.10.19.1 | Oct 3, 2024 | NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying | ||
| CVE-2024-43167 | Low | 2.8 | < 1.20.0-150100.10.16.1 | 1.20.0-150100.10.16.1 | Aug 12, 2024 | DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red | |
| CVE-2023-50868 | — | < 1.20.0-150100.10.13.1 | 1.20.0-150100.10.13.1 | Feb 14, 2024 | The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51 | ||
| CVE-2023-50387 | — | < 1.20.0-150100.10.13.1 | 1.20.0-150100.10.13.1 | Feb 14, 2024 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man | ||
| CVE-2022-3204 | — | < 1.20.0-150100.10.13.1 | 1.20.0-150100.10.13.1 | Sep 26, 2022 | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer | ||
| CVE-2022-30699 | — | < 1.20.0-150100.10.13.1 | 1.20.0-150100.10.13.1 | Aug 1, 2022 | NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire | ||
| CVE-2022-30698 | — | < 1.20.0-150100.10.13.1 | 1.20.0-150100.10.13.1 | Aug 1, 2022 | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in |
- CVE-2024-8508Oct 3, 2024affected < 1.20.0-150100.10.19.1fixed 1.20.0-150100.10.19.1
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying
- affected < 1.20.0-150100.10.16.1fixed 1.20.0-150100.10.16.1
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red
- CVE-2023-50868Feb 14, 2024affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51
- CVE-2023-50387Feb 14, 2024affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man
- CVE-2022-3204Sep 26, 2022affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer
- CVE-2022-30699Aug 1, 2022affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire
- CVE-2022-30698Aug 1, 2022affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in