rpm package

suse/unbound&distro=SUSE Linux Enterprise Server 15 SP2-LTSS

pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Vulnerabilities (18)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-50868	—	< 1.20.0-150100.10.13.1	1.20.0-150100.10.13.1	Feb 14, 2024	The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51
CVE-2023-50387	—	< 1.20.0-150100.10.13.1	1.20.0-150100.10.13.1	Feb 14, 2024	Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man
CVE-2022-3204	—	< 1.20.0-150100.10.13.1	1.20.0-150100.10.13.1	Sep 26, 2022	A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer
CVE-2022-30699	—	< 1.20.0-150100.10.13.1	1.20.0-150100.10.13.1	Aug 1, 2022	NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire
CVE-2022-30698	—	< 1.20.0-150100.10.13.1	1.20.0-150100.10.13.1	Aug 1, 2022	NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in
CVE-2019-25031	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a cont
CVE-2019-25032	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25033	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25034	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit
CVE-2019-25035	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25036	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25037	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25038	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25039	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25040	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25041	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25042	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Apr 27, 2021	Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2020-28935	—	< 1.6.8-10.6.1	1.6.8-10.6.1	Dec 7, 2020	NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis

CVE-2023-50868Feb 14, 2024
affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51
CVE-2023-50387Feb 14, 2024
affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man
CVE-2022-3204Sep 26, 2022
affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer
CVE-2022-30699Aug 1, 2022
affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire
CVE-2022-30698Aug 1, 2022
affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in
CVE-2019-25031Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a cont
CVE-2019-25032Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25033Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25034Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit
CVE-2019-25035Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25036Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25037Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25038Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25039Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25040Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25041Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25042Apr 27, 2021
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2020-28935Dec 7, 2020
affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis