VYPR

Unbound

by NLnet Labs

CVEs (38)

  • CVE-2023-50868 (Feb 14, 2024)
    risk 0.01 | cvss | epss 0.82

    The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC…

  • CVE-2020-12662 (May 19, 2020)
    risk 0.01 | cvss | epss 0.03

    Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

  • CVE-2020-12663 (May 19, 2020)
    risk 0.01 | cvss | epss 0.04

    Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

  • CVE-2011-1922 (May 31, 2011)
    risk 0.01 | cvss | epss 0.07

    daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.

  • CVE-2024-8508 (Oct 3, 2024)
    risk 0.00 | cvss | epss 0.01

    NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying…

  • CVE-2024-1488 (Feb 15, 2024)
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This…

  • CVE-2022-3204 (Sep 26, 2022)
    risk 0.00 | cvss | epss 0.01

    A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by…

  • CVE-2022-30699 (Aug 1, 2022)
    risk 0.00 | cvss | epss 0.01

    NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to…

  • CVE-2022-30698 (Aug 1, 2022)
    risk 0.00 | cvss | epss 0.01

    NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation…

  • CVE-2019-25035 (Apr 27, 2021)
    risk 0.00 | cvss | epss 0.02

    Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.

  • CVE-2020-28935 (Dec 7, 2020)
    risk 0.00 | cvss | epss 0.00

    NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an…

  • CVE-2020-10772 (Nov 27, 2020)
    risk 0.00 | cvss | epss 0.01

    An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower…

  • CVE-2019-18934 (Nov 19, 2019)
    risk 0.00 | cvss | epss 0.03

    Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in…

  • CVE-2019-16866 (Oct 3, 2019)
    risk 0.00 | cvss | epss 0.04

    Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

  • CVE-2011-4869 (Dec 20, 2011)
    risk 0.00 | cvss | epss 0.03

    validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability…

  • CVE-2009-4008 (Jun 2, 2011)
    risk 0.00 | cvss | epss 0.03

    Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.

  • CVE-2010-0969 (Mar 16, 2010)
    risk 0.00 | cvss | epss 0.03

    Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

  • CVE-2009-3602 (Oct 13, 2009)
    risk 0.00 | cvss | epss 0.03

    Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.