Product:

Unbound

(Nlnetlabs)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 31
Date Id Summary Products Score Patch Annotated
2020-05-19 CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap 7.5
2020-05-19 CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Ubuntu_linux, Debian_linux, Fedora, Unbound, Leap 7.5
2020-12-07 CVE-2020-28935 NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it... Debian_linux, Name_server_daemon, Unbound 5.5
2022-08-01 CVE-2022-30698 NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver... Fedora, Unbound 6.5
2022-08-01 CVE-2022-30699 NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries.... Fedora, Unbound 6.5
2021-04-27 CVE-2019-25031 Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation Debian_linux, Unbound 5.9
2021-04-27 CVE-2019-25032 Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited Debian_linux, Unbound 9.8
2021-04-27 CVE-2019-25034 Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited Debian_linux, Unbound 9.8
2021-04-27 CVE-2019-25033 Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited Debian_linux, Unbound 9.8
2021-04-27 CVE-2019-25035 Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited Debian_linux, Unbound 9.8