Nlnetlabs
Products (7)
- 38 CVEs
- 10 CVEs
- 8 CVEs
- 6 CVEs
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs (63)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000232 | | Critical | 0.64 | 9.8 | 0.02 | | Nov 17, 2017 | A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. |
| CVE-2017-1000231 | | Critical | 0.64 | 9.8 | 0.03 | | Nov 17, 2017 | A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. |
| CVE-2026-42960 | | Critical | 0.58 | 10.0 | 0.00 | | May 20, 2026 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able… |
| CVE-2026-33278 | | Critical | 0.57 | 9.8 | 0.01 | | May 20, 2026 | NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary… |
| CVE-2025-5994 | | High | 0.57 | — | 0.00 | | Jul 16, 2025 | A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along… |
| CVE-2026-10846 | | High | 0.53 | — | 0.00 | | Jun 10, 2026 | NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is… |
| CVE-2026-49232 | | High | 0.50 | — | 0.00 | | Jun 8, 2026 | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR… |
| CVE-2025-0638 | | High | 0.49 | 7.5 | 0.00 | | Jan 22, 2025 | The initial code parsing the manifest did not check the content of the file names yet later code assumed that it was checked and panicked when encountering illegal characters, resulting in a crash of Routinator. |
| CVE-2016-6173 | | High | 0.49 | 7.5 | 0.03 | | Feb 9, 2017 | NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. |
| CVE-2026-49235 | | High | 0.42 | 7.5 | 0.00 | | Jun 8, 2026 | When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. |
| CVE-2026-49234 | | High | 0.42 | 7.5 | 0.00 | | Jun 8, 2026 | When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks. |
| CVE-2026-49233 | | High | 0.42 | 7.5 | 0.00 | | Jun 8, 2026 | Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator… |
| CVE-2026-42959 | | High | 0.42 | 7.5 | 0.01 | | May 20, 2026 | NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to… |
| CVE-2026-42944 | | High | 0.42 | 7.5 | 0.01 | | May 20, 2026 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses'… |
| CVE-2026-41292 | | High | 0.42 | 7.5 | 0.01 | | May 20, 2026 | NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and… |
| CVE-2026-40622 | | High | 0.42 | 7.5 | 0.00 | | May 20, 2026 | NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to… |
| CVE-2024-33655 | | High | 0.42 | 7.5 | 0.02 | | Jun 6, 2024 | The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification… |
| CVE-2025-11411 | | Medium | 0.37 | — | 0.00 | | Oct 22, 2025 | NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually… |
| CVE-2017-15105 | | Medium | 0.35 | 5.3 | 0.03 | | Jan 23, 2018 | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. |
| CVE-2026-44608 | | Medium | 0.31 | 5.9 | 0.00 | | May 20, 2026 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual… |