All the vulnerabilities related to nlnetlabs - unbound
Vulnerability from fkie_nvd
Published
2020-05-19 14:15
Modified
2024-11-21 05:00
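Severity: 7.5 HIGH (CVSS 3.1, nvd@nist.gov, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)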
Summary
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABD5553-FB9A-4465-836C-2031C04730C9", "versionEndExcluding": "1.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.10.1 has Insufficient Control of Network 
Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records." }, { "lang": "es", "value": "Unbound versiones anteriores a 1.10.1, presenta un Control Insuficiente del Volumen de Mensajes de Red, tambi\u00e9n se conoce como un problema de \"NXNSAttack\". Esto es activado por subdominios aleatorios en NSDNAME en registros NS." } ], "id": "CVE-2020-12662", "lastModified": "2024-11-21T05:00:00.967", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-19T14:15:11.190", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "cve@mitre.org", "tags": [ "Technical Description" ], "url": 
"http://www.nxnsattack.com" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description" ], "url": "http://www.nxnsattack.com" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-01 15:15
Modified
2024-11-21 07:03
Severity: 6.5 MEDIUM (CVSS 3.1, nvd@nist.gov, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Summary
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB1D0AA5-FEEA-42D2-BBC9-A75F2F508301", "versionEndExcluding": "1.16.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten." }, { "lang": "es", "value": "NLnet Labs Unbound, versiones hasta 1.16.1 incluy\u00e9ndola, es vulnerable a un nuevo tipo de ataque de \"ghost domain names\". La vulnerabilidad funciona apuntando a una instancia de Unbound. Unbound es consultado por un nombre de dominio falso cuando la informaci\u00f3n de delegaci\u00f3n en cach\u00e9 est\u00e1 a punto de expirar. El servidor de nombres falso retrasa la respuesta para que la informaci\u00f3n de delegaci\u00f3n almacenada en la cach\u00e9 caduque. 
Al recibir la respuesta retrasada que contiene la informaci\u00f3n de la delegaci\u00f3n, Unbound sobrescribe las entradas ya caducadas. Esta acci\u00f3n puede repetirse cuando la informaci\u00f3n de la delegaci\u00f3n est\u00e1 a punto de caducar, haciendo que la informaci\u00f3n de la delegaci\u00f3n falsa sea actualizada constantemente. A partir de la versi\u00f3n 1.16.2, Unbound almacena la hora de inicio de una consulta y la usa para decidir si la informaci\u00f3n de delegaci\u00f3n almacenada en cach\u00e9 puede sobrescribirse" } ], "id": "CVE-2022-30699", "lastModified": "2024-11-21T07:03:11.760", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-01T15:15:09.890", "references": [ { "source": "sep@nlnetlabs.nl", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:27
Severity: 4.3 MEDIUM (CVSS 2.0, nvd@nist.gov, AV:N/AC:M/Au:N/C:N/I:N/A:P)
Summary
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | 1.0.0 | |
nlnetlabs | unbound | 1.0.1 | |
nlnetlabs | unbound | 1.0.2 | |
nlnetlabs | unbound | 1.1.0 | |
nlnetlabs | unbound | 1.1.1 | |
nlnetlabs | unbound | 1.2.0 | |
nlnetlabs | unbound | 1.2.1 | |
nlnetlabs | unbound | 1.3.0 | |
nlnetlabs | unbound | 1.3.1 | |
nlnetlabs | unbound | 1.3.2 | |
nlnetlabs | unbound | 1.3.3 | |
nlnetlabs | unbound | 1.3.4 | |
nlnetlabs | unbound | 1.4.0 | |
nlnetlabs | unbound | 1.4.1 | |
nlnetlabs | unbound | 1.4.2 | |
nlnetlabs | unbound | 1.4.3 | |
nlnetlabs | unbound | 1.4.4 | |
nlnetlabs | unbound | 1.4.5 | |
nlnetlabs | unbound | 1.4.6 | |
nlnetlabs | unbound | 1.4.7 | |
nlnetlabs | unbound | 1.4.8 | |
nlnetlabs | unbound | 1.4.9 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA2F7047-5435-4616-8357-B72BB3F9A600", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05137329-C056-4E1E-811E-0AF2899E9EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "850E4420-3B05-4F99-A4C6-AD22E127E7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6A23044-AB7D-4303-804B-11ADC8CF4CD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9DFA469-124B-4F6A-9D86-2B615CC1F5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D463CB7-2B65-4A4D-8AC2-35F6C51CAC3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7701F4B-6FF1-463E-BF6D-6B7EA96DB192", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "661E72ED-666D-4532-B503-683E2C84686F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DDF5BCB9-1950-4099-8E08-5D1CBF6749FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "04981A8D-F3F8-4D83-818B-775E8FE9CE77", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2AFAA6EC-C28C-4400-9979-0BF9FE3316EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "FEECDCF7-4E80-407E-80DA-E8DC3AE49B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3240CB4-DB33-4349-88A5-A6AE32F146A0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6C947E1-5EC3-4207-9D05-6F09A0587DF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA988145-4527-492A-BD2D-0421C562FB97", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9C922CA6-3411-4E42-A92E-1F579F3F4DE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "D093B7CC-8816-477B-9336-81CE2BDD11E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "4FA5C9E6-E0D2-4C7D-ACEA-69967D8D08CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "C4E3CB88-F651-4BB5-BB76-A2621AAF678C", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "E69371BD-A296-4097-9537-8CF12F6A6A90", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "10D5F8FB-650F-485F-A471-E2F625317CAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "BA95DEC2-E47D-4B05-9F69-F1EAFBB11F68", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling." 
}, { "lang": "es", "value": "daemon/worker.c de Unbound 1.x anteriores a 1.4.10, cuando la funcionalidad de depuraci\u00f3n de errores (\"debugging\") y la opci\u00f3n de \"interface-automatic\" est\u00e1n activadas, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo en aserci\u00f3n y finalizaci\u00f3n del demonio) a trav\u00e9s de una petici\u00f3n DNS modificada que provoca un manejo de error incorrecto." } ], "id": "CVE-2011-1922", "lastModified": "2024-11-21T01:27:18.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-31T20:55:03.530", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" }, { "source": "secalert@redhat.com", "url": "http://osvdb.org/72750" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44865" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/531342" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47986" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/72750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44865" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/531342" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
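Severity: 9.8 CRITICAL (CVSS 3.1, nvd@nist.gov, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 7.5 HIGH (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P). The record is tagged "disputed" by cve@mitre.org, so read the score together with the vendor's position in the summary.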
Summary
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite una escritura fuera de l\u00edmites en la funci\u00f3n sldns_bget_token_par. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25035", "lastModified": "2024-11-21T04:39:47.540", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.560", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
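Severity: 7.5 HIGH (CVSS 3.1, nvd@nist.gov, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 5.0 MEDIUM (CVSS 2.0, AV:N/AC:L/Au:N/C:N/I:N/A:P). The record is tagged "disputed" by cve@mitre.org, so read the score together with the vendor's position in the summary.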
Summary
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un fallo de aserci\u00f3n por medio de un nombre comprimido en la funci\u00f3n dname_pkt_copy. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local." 
} ], "id": "CVE-2019-25041", "lastModified": "2024-11-21T04:39:48.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.727", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un bucle infinito por medio de un nombre comprimido en la funci\u00f3n dname_pkt_copy. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local." 
} ], "id": "CVE-2019-25040", "lastModified": "2024-11-21T04:39:48.307", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.700", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un error de aserci\u00f3n y denegaci\u00f3n de servicio en la funci\u00f3n synth_cname. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25036", "lastModified": "2024-11-21T04:39:47.697", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.587", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en la funci\u00f3n sldns_str2wire_dname_buf_origin, conllevando a una escritura fuera de l\u00edmites. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25034", "lastModified": "2024-11-21T04:39:47.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.533", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-09-26 14:15
Modified
2024-11-21 07:19
Severity ?
Summary
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 | |
fedoraproject | fedora | 37 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "29711F1A-F741-4BF9-AF71-03A2C21B0F1E", "versionEndIncluding": "1.16.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability named \u0027Non-Responsive Delegation Attack\u0027 (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. 
From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records." }, { "lang": "es", "value": "Se ha detectado una vulnerabilidad denominada \"Non-Responsive Delegation Attack\" (NRDelegation Attack) en varios programas de resoluci\u00f3n de DNS. El ataque NRDelegation funciona teniendo una delegaci\u00f3n maliciosa con un n\u00famero considerable de servidores de nombre que no responden. El ataque comienza al consultar a un resolver un registro que depende de esos servidores de nombre que no responden. El ataque puede causar que un resolver gaste mucho tiempo/recursos resolviendo registros bajo un punto de delegaci\u00f3n malicioso donde reside un n\u00famero considerable de registros NS que no responden. Puede desencadenar un alto uso de la CPU en algunas implementaciones del resolver que buscan continuamente en la cach\u00e9 los registros NS resueltos en esa delegaci\u00f3n. Esto puede conllevar a una degradaci\u00f3n del rendimiento y, eventualmente, una denegaci\u00f3n de servicio en ataques orquestados. Unbound no sufre un alto uso de la CPU, pero los recursos siguen siendo necesarios para resolver la delegaci\u00f3n maliciosa. Unbound seguir\u00e1 intentando resolver el registro hasta que sean alcanzados los l\u00edmites establecidos. Seg\u00fan la naturaleza del ataque y las respuestas, pueden alcanzarse diferentes l\u00edmites. 
A partir de la versi\u00f3n 1.16.3, Unbound introduce correcciones para mejorar el rendimiento cuando est\u00e1 bajo carga, al recortar las consultas oportunistas para la detecci\u00f3n de servidores de nombres y la precarga de DNSKEY y limitando el n\u00famero de veces que un punto de delegaci\u00f3n puede emitir una b\u00fasqueda en la cach\u00e9 para los registros faltantes.\n" } ], "id": "CVE-2022-3204", "lastModified": "2024-11-21T07:19:02.627", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-09-26T14:15:11.007", "references": [ { "source": "sep@nlnetlabs.nl", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-03-07 10:15
Modified
2024-12-17 16:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
NLnet Labs Unbound versions 1.18.0 up to and including 1.19.1 contain a vulnerability that can cause denial of service through a code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records, however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used, which is a non-default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 | |
fedoraproject | fedora | 40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "11B7D8E3-96EB-4EF0-8F07-08EAF2639FC0", "versionEndExcluding": "1.19.2", "versionStartIncluding": "1.18.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client\u0027s advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client\u0027s buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the \u0027ede: yes\u0027 option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely." 
}, { "lang": "es", "value": "NLnet Labs Unbound versi\u00f3n 1.18.0 hasta la versi\u00f3n 1.19.1 incluida contiene una vulnerabilidad que puede causar denegaci\u00f3n de servicio mediante una determinada ruta de c\u00f3digo que puede conducir a un bucle infinito. Unbound 1.18.0 introdujo una caracter\u00edstica que elimina los registros EDE de las respuestas con un tama\u00f1o superior al tama\u00f1o de b\u00fafer anunciado por el cliente. Sin embargo, antes de eliminar todos los registros EDE, intentar\u00eda ver si recortar los campos de texto adicionales en esos registros dar\u00eda como resultado un tama\u00f1o aceptable y al mismo tiempo conservar\u00eda los c\u00f3digos EDE. Debido a una condici\u00f3n no marcada, el c\u00f3digo que recorta el texto de los registros EDE podr\u00eda repetirse indefinidamente. Esto sucede cuando Unbound responde con informaci\u00f3n EDE adjunta en una respuesta positiva y el tama\u00f1o del b\u00fafer del cliente es menor que el espacio necesario para incluir registros EDE. La vulnerabilidad s\u00f3lo puede activarse cuando se utiliza la opci\u00f3n \u0027ede: yes\u0027; configuraci\u00f3n no predeterminada. A partir de la versi\u00f3n 1.19.2, el c\u00f3digo se corrige para evitar bucles indefinidos." 
} ], "id": "CVE-2024-1931", "lastModified": "2024-12-17T16:56:50.630", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sep@nlnetlabs.nl", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-07T10:15:07.037", "references": [ { "source": "sep@nlnetlabs.nl", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Issue Tracking" ], "url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240705-0006/" }, { "source": "sep@nlnetlabs.nl", 
"tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Mailing List" ], "url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20240705-0006/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "sep@nlnetlabs.nl", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-19 18:15
Modified
2024-11-21 04:33
Severity ?
Summary
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause execution of shell commands after receiving a specially crafted answer. This issue can only be triggered if Unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "37721642-A2DA-4326-8D2C-8640D99EC472", "versionEndIncluding": "1.9.4", "versionStartIncluding": "1.6.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration." }, { "lang": "es", "value": "Unbound versiones 1.6.4 hasta 1.9.4, contiene una vulnerabilidad en el m\u00f3dulo ipsec que puede causar una ejecuci\u00f3n de c\u00f3digo de shell despu\u00e9s de recibir una respuesta especialmente dise\u00f1ada. Este problema solo puede ser activado si unbound fue compilado con el soporte \"--enable-ipsecmod\", e ipsecmod est\u00e1 habilitado y usado en la configuraci\u00f3n." 
} ], "id": "CVE-2019-18934", "lastModified": "2024-11-21T04:33:52.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-19T18:15:10.523", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation. The record below carries the `disputed` tag; as worded, the dispute is about whether the script counts as part of Unbound, not about whether the script itself can be abused as described.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite la inyecci\u00f3n de configuraci\u00f3n en el archivo create_unbound_ad_servers.sh tras un ataque de tipo man-in-the-middle con \u00e9xito contra una sesi\u00f3n HTTP de texto sin cifrar. NOTA: El proveedor no considera que esto sea una vulnerabilidad del software de Unbound. create_unbound_ad_servers.sh es un script contribuido por la comunidad que facilita la creaci\u00f3n autom\u00e1tica de la configuraci\u00f3n. 
No forma parte de la instalaci\u00f3n de Unbound" } ], "id": "CVE-2019-25031", "lastModified": "2024-11-21T04:39:46.917", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.447", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": 
"https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
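Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. The record below carries the `disputed` tag while still listing an NVD CVSS 3.1 base score of 7.5 (HIGH), so the score should be read together with the dispute when triaging.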
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un fallo de aserci\u00f3n y denegaci\u00f3n de servicio en la funci\u00f3n dname_pkt_copy por medio de un paquete no v\u00e1lido. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25037", "lastModified": "2024-11-21T04:39:47.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-617" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-08-01 15:15
Modified
2024-11-21 07:03
Severity ?
Summary
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second-level subdomain, for which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
fedoraproject | fedora | 35 | |
fedoraproject | fedora | 36 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB1D0AA5-FEEA-42D2-BBC9-A75F2F508301", "versionEndExcluding": "1.16.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound\u0027s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information." }, { "lang": "es", "value": "NLnet Labs Unbound, versiones hasta 1.16.1 incluy\u00e9ndola, es vulnerable a un nuevo tipo de ataque \"ghost domain names\". La vulnerabilidad funciona al apuntar a una instancia de Unbound. Unbound es consultado por un subdominio de un nombre de dominio falso. El servidor de nombres falso devuelve informaci\u00f3n de delegaci\u00f3n para el subdominio que actualiza la cach\u00e9 de delegaci\u00f3n de Unbound. 
Esta acci\u00f3n puede repetirse antes de que caduque la informaci\u00f3n de delegaci\u00f3n, consultando a Unbound por un subdominio de segundo nivel al que el servidor de nombres falso proporcione nueva informaci\u00f3n de delegaci\u00f3n. Dado que Unbound es un resolvedor centrado en los hijos, la informaci\u00f3n de delegaci\u00f3n de los hijos, que es actualizada constantemente, puede mantener un nombre de dominio falso resoluble mucho tiempo despu\u00e9s de su revocaci\u00f3n. A partir de la versi\u00f3n 1.16.2, Unbound comprueba la validez de los registros de delegaci\u00f3n padre antes de usar la informaci\u00f3n de delegaci\u00f3n almacenada en cach\u00e9" } ], "id": "CVE-2022-30698", "lastModified": "2024-11-21T07:03:11.650", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-08-01T15:15:09.840", "references": [ { "source": "sep@nlnetlabs.nl", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": 
"https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-613" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
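Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited. The record below carries the `disputed` tag while still listing an NVD CVSS 3.1 base score of 9.8 (CRITICAL), so the score should be read together with the dispute when triaging.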
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en el asignador regional por medio de la funci\u00f3n regional_alloc. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25032", "lastModified": "2024-11-21T04:39:47.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.477", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-03-16 19:00
Modified
2024-11-21 01:13
Severity ?
Summary
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
nlnetlabs | unbound | 0.0 | |
nlnetlabs | unbound | 0.1 | |
nlnetlabs | unbound | 0.2 | |
nlnetlabs | unbound | 0.3 | |
nlnetlabs | unbound | 0.4 | |
nlnetlabs | unbound | 0.5 | |
nlnetlabs | unbound | 0.6 | |
nlnetlabs | unbound | 0.7 | |
nlnetlabs | unbound | 0.7.1 | |
nlnetlabs | unbound | 0.7.2 | |
nlnetlabs | unbound | 0.8 | |
nlnetlabs | unbound | 0.09 | |
nlnetlabs | unbound | 0.10 | |
nlnetlabs | unbound | 0.11 | |
nlnetlabs | unbound | 1.0.0 | |
nlnetlabs | unbound | 1.0.1 | |
nlnetlabs | unbound | 1.0.2 | |
nlnetlabs | unbound | 1.1.0 | |
nlnetlabs | unbound | 1.1.1 | |
nlnetlabs | unbound | 1.2.0 | |
nlnetlabs | unbound | 1.2.1 | |
nlnetlabs | unbound | 1.3.0 | |
nlnetlabs | unbound | 1.3.1 | |
nlnetlabs | unbound | 1.3.2 | |
nlnetlabs | unbound | 1.3.3 | |
nlnetlabs | unbound | 1.3.4 | |
nlnetlabs | unbound | 1.4.0 | |
nlnetlabs | unbound | 1.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B56D36C-0A76-479C-8F2E-4EF9E9E3D5B9", "versionEndIncluding": "1.4.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C91D9B3-201C-4090-8AB7-22B3B017C9B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54DA5D37-9D1E-483D-AD56-FD9B32BE62BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD25EC11-5C51-4072-AFBC-CB6C7173E1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "19BD88F4-8CF7-4C02-9A68-0F57A5C221AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA46C5-4E08-4B9F-897B-05DE3AF9A10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C96D1B54-4C99-4B36-97A5-40D7A3691041", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D62F9F20-8A6E-4736-A3ED-879BCE4E4F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "52C42FEA-5001-41D4-8CA3-A25D8CB0A9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "29B38799-BBFD-42B3-8DF3-1C2957BEE205", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE80A0-3D9D-4C4E-859B-E0A7EE5A3C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "785E8B09-CC33-4812-923F-3168FA73B814", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*", "matchCriteriaId": "E3F22E5E-185B-411E-BD1A-9F2774F87E93", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "798B325D-4612-493C-BDF3-D09F9AF99C75", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "28DF2FEF-AED3-43C3-8877-EB5A724232BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA2F7047-5435-4616-8357-B72BB3F9A600", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05137329-C056-4E1E-811E-0AF2899E9EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "850E4420-3B05-4F99-A4C6-AD22E127E7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6A23044-AB7D-4303-804B-11ADC8CF4CD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9DFA469-124B-4F6A-9D86-2B615CC1F5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D463CB7-2B65-4A4D-8AC2-35F6C51CAC3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7701F4B-6FF1-463E-BF6D-6B7EA96DB192", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "661E72ED-666D-4532-B503-683E2C84686F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DDF5BCB9-1950-4099-8E08-5D1CBF6749FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "04981A8D-F3F8-4D83-818B-775E8FE9CE77", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2AFAA6EC-C28C-4400-9979-0BF9FE3316EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"FEECDCF7-4E80-407E-80DA-E8DC3AE49B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3240CB4-DB33-4349-88A5-A6AE32F146A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6C947E1-5EC3-4207-9D05-6F09A0587DF8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." }, { "lang": "es", "value": "Unbound anterior v1.4.3 no alinea adecuadamente estructuras en plataformas 64-bit, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2010-0969", "lastModified": "2024-11-21T01:13:19.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-16T19:00:00.617", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=309117" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126876222231747\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/62903" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38888" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2010/03/12/3" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38701" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=309117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126876222231747\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/62903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38888" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/03/12/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/38701" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-13 10:30
Modified
2024-11-21 01:07
Severity ?
Summary
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
nlnetlabs | unbound | 0.0 | |
nlnetlabs | unbound | 0.1 | |
nlnetlabs | unbound | 0.2 | |
nlnetlabs | unbound | 0.3 | |
nlnetlabs | unbound | 0.4 | |
nlnetlabs | unbound | 0.5 | |
nlnetlabs | unbound | 0.6 | |
nlnetlabs | unbound | 0.7 | |
nlnetlabs | unbound | 0.7.1 | |
nlnetlabs | unbound | 0.7.2 | |
nlnetlabs | unbound | 0.8 | |
nlnetlabs | unbound | 0.09 | |
nlnetlabs | unbound | 0.10 | |
nlnetlabs | unbound | 0.11 | |
nlnetlabs | unbound | 1.0.0 | |
nlnetlabs | unbound | 1.0.1 | |
nlnetlabs | unbound | 1.0.2 | |
nlnetlabs | unbound | 1.1.0 | |
nlnetlabs | unbound | 1.1.1 | |
nlnetlabs | unbound | 1.2.0 | |
nlnetlabs | unbound | 1.2.1 | |
nlnetlabs | unbound | 1.3.0 | |
nlnetlabs | unbound | 1.3.1 | |
nlnetlabs | unbound | 1.3.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7158CA2-29DF-4705-96DF-4166D43FB0B3", "versionEndIncluding": "1.3.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C91D9B3-201C-4090-8AB7-22B3B017C9B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54DA5D37-9D1E-483D-AD56-FD9B32BE62BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD25EC11-5C51-4072-AFBC-CB6C7173E1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "19BD88F4-8CF7-4C02-9A68-0F57A5C221AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA46C5-4E08-4B9F-897B-05DE3AF9A10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C96D1B54-4C99-4B36-97A5-40D7A3691041", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D62F9F20-8A6E-4736-A3ED-879BCE4E4F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "52C42FEA-5001-41D4-8CA3-A25D8CB0A9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "29B38799-BBFD-42B3-8DF3-1C2957BEE205", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE80A0-3D9D-4C4E-859B-E0A7EE5A3C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "785E8B09-CC33-4812-923F-3168FA73B814", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*", "matchCriteriaId": "E3F22E5E-185B-411E-BD1A-9F2774F87E93", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "798B325D-4612-493C-BDF3-D09F9AF99C75", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "28DF2FEF-AED3-43C3-8877-EB5A724232BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA2F7047-5435-4616-8357-B72BB3F9A600", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05137329-C056-4E1E-811E-0AF2899E9EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "850E4420-3B05-4F99-A4C6-AD22E127E7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6A23044-AB7D-4303-804B-11ADC8CF4CD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9DFA469-124B-4F6A-9D86-2B615CC1F5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D463CB7-2B65-4A4D-8AC2-35F6C51CAC3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7701F4B-6FF1-463E-BF6D-6B7EA96DB192", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "661E72ED-666D-4532-B503-683E2C84686F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DDF5BCB9-1950-4099-8E08-5D1CBF6749FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "04981A8D-F3F8-4D83-818B-775E8FE9CE77", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS 
spoofing or other DNS-related attacks in conjunction with crafted delegation responses." }, { "lang": "es", "value": "Unbound anterior v1.3.4 no comprueba las firmas para registros NSEC3, lo que permite a atacantes remotos causar una delegaci\u00f3n de seguridad para ser descargada a trav\u00e9s de suplantaci\u00f3n de DNS u otros ataques relativos al DNS conjuntamente con respuestas de delegaci\u00f3n manipuladas." } ], "id": "CVE-2009-3602", "lastModified": "2024-11-21T01:07:46.630", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-13T10:30:00.657", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/58836" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36996" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37913" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1963" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2875" }, { "source": 
"secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37913" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1963" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2875" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-10-03 19:15
Modified
2024-11-21 04:31
Severity ?
Summary
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
canonical | ubuntu_linux | 19.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9749EA7-25CA-48B0-9165-94D0B461D810", "versionEndExcluding": "1.9.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule." }, { "lang": "es", "value": "Unbound versiones anteriores a 1.9.4, accede a la memoria no inicializada, lo que permite a atacantes remotos desencadenar un bloqueo por medio de una consulta NOTIFY dise\u00f1ada. La direcci\u00f3n IP del origen de la consulta debe coincidir con una regla de control de acceso." 
} ], "id": "CVE-2019-16866", "lastModified": "2024-11-21T04:31:14.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-10-03T19:15:09.550", "references": [ { "source": "cve@mitre.org", "tags": [ "Product", "Release Notes" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt" }, { "source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2019/Oct/23" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://usn.ubuntu.com/4149-1/" }, { "source": "cve@mitre.org", "url": "https://www.debian.org/security/2019/dsa-4544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Release Notes" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Oct/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4149-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2019/dsa-4544" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" }, { "lang": "en", "value": "CWE-908" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en el asignador regional por medio de la macro ALIGN_UP. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25033", "lastModified": "2024-11-21T04:39:47.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.507", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en un c\u00e1lculo de tama\u00f1o en el archivo dnscrypt/dnscrypt.c. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25038", "lastModified": "2024-11-21T04:39:48.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.643", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-14 16:15
Modified
2024-11-21 08:36
Severity ?
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
microsoft | windows_server_2008 | r2 | |
microsoft | windows_server_2012 | - | |
microsoft | windows_server_2012 | r2 | |
microsoft | windows_server_2016 | - | |
microsoft | windows_server_2019 | - | |
microsoft | windows_server_2022 | - | |
microsoft | windows_server_2022_23h2 | - | |
fedoraproject | fedora | 39 | |
thekelleys | dnsmasq | * | |
nic | knot_resolver | * | |
powerdns | recursor | * | |
powerdns | recursor | * | |
powerdns | recursor | * | |
isc | bind | * | |
isc | bind | * | |
isc | bind | * | |
nlnetlabs | unbound | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", "vulnerable": true }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "75CCACE6-A0EE-4A6F-BD5A-7AA504B02717", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": 
"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "matchCriteriaId": "964796B3-BA45-4180-A8DA-64CF93CED122", "versionEndExcluding": "2.90", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nic:knot_resolver:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A8328E8-C652-4262-8C00-D89AD8F75CCF", "versionEndExcluding": "5.71", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "5207D316-7DC9-4724-BC48-C8D3EC5087E8", "versionEndExcluding": "4.8.6", "versionStartIncluding": "4.8.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEE64451-7CB9-45BD-8168-9F48199A9363", "versionEndExcluding": "4.9.3", "versionStartIncluding": "4.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "matchCriteriaId": "0526B76D-52BB-4FA1-B692-8EDEC673EAE5", "versionEndExcluding": "5.0.2", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "F3814976-5223-4615-BA7B-E33083D3EC26", "versionEndIncluding": "9.16.46", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "140CCABA-F134-4CC2-9960-258D6BFF34DD", "versionEndIncluding": "9.18.22", "versionStartIncluding": "9.18.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:-:*:*:*", "matchCriteriaId": "71BAD5BF-8532-4988-A772-6CD7B851E9E2", "versionEndIncluding": "9.19.20", "versionStartIncluding": "9.19.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C094EEB-BAD6-495B-B1CB-671D31549F15", "versionEndExcluding": "1.19.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records." }, { "lang": "es", "value": "Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de CPU) a trav\u00e9s de una o m\u00e1s respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, tambi\u00e9n conocido como \"KeyTrap\". \" asunto. La especificaci\u00f3n del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG." 
} ], "id": "CVE-2023-50387", "lastModified": "2024-11-21T08:36:56.937", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-02-14T16:15:45.300", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://news.ycombinator.com/item?id=39367411" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "source": "cve@mitre.org", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "source": "cve@mitre.org", "tags": [ "Press/Media Coverage", "Third Party Advisory" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Technical Description", "Third Party Advisory" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://www.isc.org/blogs/2024-bind-security-release/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Press/Media Coverage", "Third Party Advisory" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-770" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-06-02 20:55
Modified
2024-11-21 01:08
Severity ?
Summary
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
nlnetlabs | unbound | 0.0 | |
nlnetlabs | unbound | 0.1 | |
nlnetlabs | unbound | 0.2 | |
nlnetlabs | unbound | 0.3 | |
nlnetlabs | unbound | 0.4 | |
nlnetlabs | unbound | 0.5 | |
nlnetlabs | unbound | 0.6 | |
nlnetlabs | unbound | 0.7 | |
nlnetlabs | unbound | 0.7.1 | |
nlnetlabs | unbound | 0.7.2 | |
nlnetlabs | unbound | 0.8 | |
nlnetlabs | unbound | 0.09 | |
nlnetlabs | unbound | 0.10 | |
nlnetlabs | unbound | 0.11 | |
nlnetlabs | unbound | 1.0.0 | |
nlnetlabs | unbound | 1.0.1 | |
nlnetlabs | unbound | 1.0.2 | |
nlnetlabs | unbound | 1.1.0 | |
nlnetlabs | unbound | 1.1.1 | |
nlnetlabs | unbound | 1.2.0 | |
nlnetlabs | unbound | 1.2.1 | |
nlnetlabs | unbound | 1.3.0 | |
nlnetlabs | unbound | 1.3.1 | |
nlnetlabs | unbound | 1.3.2 | |
nlnetlabs | unbound | 1.3.3 | |
nlnetlabs | unbound | 1.3.4 | |
nlnetlabs | unbound | 1.4.0 | |
nlnetlabs | unbound | 1.4.1 | |
nlnetlabs | unbound | 1.4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5477F8A-FD2D-4297-942A-A645AB8F7E58", "versionEndIncluding": "1.4.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C91D9B3-201C-4090-8AB7-22B3B017C9B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "54DA5D37-9D1E-483D-AD56-FD9B32BE62BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CD25EC11-5C51-4072-AFBC-CB6C7173E1EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "19BD88F4-8CF7-4C02-9A68-0F57A5C221AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA46C5-4E08-4B9F-897B-05DE3AF9A10D", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C96D1B54-4C99-4B36-97A5-40D7A3691041", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D62F9F20-8A6E-4736-A3ED-879BCE4E4F89", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "52C42FEA-5001-41D4-8CA3-A25D8CB0A9B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "29B38799-BBFD-42B3-8DF3-1C2957BEE205", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6ADE80A0-3D9D-4C4E-859B-E0A7EE5A3C3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "785E8B09-CC33-4812-923F-3168FA73B814", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.09:*:*:*:*:*:*:*", "matchCriteriaId": "E3F22E5E-185B-411E-BD1A-9F2774F87E93", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:nlnetlabs:unbound:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "798B325D-4612-493C-BDF3-D09F9AF99C75", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "28DF2FEF-AED3-43C3-8877-EB5A724232BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA2F7047-5435-4616-8357-B72BB3F9A600", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "05137329-C056-4E1E-811E-0AF2899E9EE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "850E4420-3B05-4F99-A4C6-AD22E127E7DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6A23044-AB7D-4303-804B-11ADC8CF4CD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9DFA469-124B-4F6A-9D86-2B615CC1F5B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D463CB7-2B65-4A4D-8AC2-35F6C51CAC3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7701F4B-6FF1-463E-BF6D-6B7EA96DB192", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "661E72ED-666D-4532-B503-683E2C84686F", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "DDF5BCB9-1950-4099-8E08-5D1CBF6749FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "04981A8D-F3F8-4D83-818B-775E8FE9CE77", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "2AFAA6EC-C28C-4400-9979-0BF9FE3316EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"FEECDCF7-4E80-407E-80DA-E8DC3AE49B70", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3240CB4-DB33-4349-88A5-A6AE32F146A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D6C947E1-5EC3-4207-9D05-6F09A0587DF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA988145-4527-492A-BD2D-0421C562FB97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query." }, { "lang": "es", "value": "Unbound, antes de v1.4.4 no env\u00eda respuestas para las zonas firmadas despu\u00e9s de un mal manejo de una consulta no especificada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (falta de DNSSEC) a trav\u00e9s de una consulta hecha a mano." 
} ], "id": "CVE-2009-4008", "lastModified": "2024-11-21T01:08:43.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-06-02T20:55:01.763", "references": [ { "source": "cve@mitre.org", "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2243" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-07 22:15
Modified
2024-11-21 05:23
Severity ?
Summary
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker to have access to the limited-permission user Unbound/NSD runs as, and to point the symlink at a critical file on the system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | name_server_daemon | * | |
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:name_server_daemon:*:*:*:*:*:*:*:*", "matchCriteriaId": "2999AD3A-4E86-4E7F-94DC-7972AF046056", "versionEndExcluding": "4.3.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5033957-63F8-4F49-A451-96BEF9644520", "versionEndExcluding": "1.13.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system." 
}, { "lang": "es", "value": "NLnet Labs Unbound, hasta la versi\u00f3n 1.12.0 incluy\u00e9ndola, y NLnet Labs NSD, hasta la versi\u00f3n 4.3.3 incluy\u00e9ndola, contienen una vulnerabilidad local que permitir\u00eda un ataque de tipo symlink local. Al escribir el archivo PID, Unbound y NSD crean el archivo si no est\u00e1 all\u00ed, o abren un archivo existente para escribir. En caso de que el archivo ya existiera, seguir\u00edan enlaces simb\u00f3licos si el archivo fuera un enlace simb\u00f3lico en lugar de un archivo normal. Luego, se llevar\u00eda a cabo un chown adicional del archivo despu\u00e9s de que se escribiera, lo que har\u00eda que el usuario con el que se supone que se ejecuta Unbound/NSD fuera el nuevo propietario del archivo. Si un atacante tiene acceso local al usuario con el que se ejecuta Unbound/NSD, podr\u00eda crear un enlace simb\u00f3lico en lugar del archivo PID que apunta hacia un archivo que le gustar\u00eda borrar. Si luego Unbound/NSD es terminado y el archivo PID no se borra, al reiniciar con privilegios root, Unbound/NSD reescribir\u00e1 cualquier archivo apuntado por el enlace simb\u00f3lico. Esta es una vulnerabilidad local que podr\u00eda crear una Denegaci\u00f3n de Servicio del sistema en el que se ejecuta Unbound/NSD.
Requiere que un atacante tenga acceso al usuario de permiso limitado que se ejecuta como Unbound/NSD y apunta por medio del enlace simb\u00f3lico a un archivo cr\u00edtico en el sistema" } ], "id": "CVE-2020-28935", "lastModified": "2024-11-21T05:23:19.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-07T22:15:20.853", "references": [ { "source": "sep@nlnetlabs.nl", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "sep@nlnetlabs.nl", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-38" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt" }, { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": 
"https://www.nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "sep@nlnetlabs.nl", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-27 18:15
Modified
2024-11-21 04:56
Severity ?
Summary
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1846026 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1846026 | Issue Tracking, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | 1.6.6-5 | |
redhat | enterprise_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:1.6.6-5:*:*:*:*:*:*:*", "matchCriteriaId": "54EB2AED-8F01-4805-872E-E31BB46FA5D9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound." 
}, { "lang": "es", "value": "Una correcci\u00f3n incompleta fue entregada para CVE-2020-12662 para Unbound en Red Hat Enterprise Linux versi\u00f3n 7, como parte de la errata RHSA-2020:2414. Las versiones vulnerables de Unbound a\u00fan podr\u00edan amplificar una consulta entrante en una gran cantidad de consultas dirigidas a un objetivo, inclusive con un \u00edndice de amplificaci\u00f3n m\u00e1s bajo en comparaci\u00f3n con las versiones de Unbound que se enviaron antes de la errata mencionada. Este problema se trata de la correcci\u00f3n incompleta para el CVE-2020-12662 y no afecta a las versiones upstream de Unbound." } ], "id": "CVE-2020-10772", "lastModified": "2024-11-21T04:56:02.407", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-27T18:15:11.440", "references": [ { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026" }, {
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-406" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-11 02:59
Modified
2024-11-21 02:19
Severity ?
Summary
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
debian | debian_linux | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "656FF147-B19F-47F9-B6E0-D0732ECA05DD", "versionEndIncluding": "1.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals." }, { "lang": "es", "value": "iterator.c en NLnet Labs Unbound anterior a 1.5.1 no limita el encadenamiento de la delegaci\u00f3n, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de memoria y CPU) a trav\u00e9s de un n\u00famero grande o infinito de remisiones." 
} ], "id": "CVE-2014-8602", "lastModified": "2024-11-21T02:19:25.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-11T02:59:03.233", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3097" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/264212" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/71589" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2484-1" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://unbound.net/downloads/CVE-2014-8602.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/264212" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2484-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://unbound.net/downloads/CVE-2014-8602.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en un c\u00e1lculo de tama\u00f1o en el archivo respip/respip.c. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25039", "lastModified": "2024-11-21T04:39:48.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.670", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-19 14:15
Modified
2024-11-21 05:00
Severity ?
Summary
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "5ABD5553-FB9A-4465-836C-2031C04730C9", "versionEndExcluding": "1.10.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unbound before 1.10.1 has an infinite loop via malformed 
DNS answers received from upstream servers." }, { "lang": "es", "value": "Unbound versiones anteriores a 1.10.1, presenta un bucle infinito mediante respuestas DNS malformadas recibidas desde servidores aguas arriba." } ], "id": "CVE-2020-12663", "lastModified": "2024-11-21T05:00:01.210", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-19T14:15:11.253", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4694" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-27 06:15
Modified
2024-11-21 04:39
Severity ?
Summary
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | Not Applicable, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210507-0007/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F8E390-7D6B-4981-8F5B-E92C817A3A3D", "versionEndExcluding": "1.9.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" }, { "lang": "es", "value": "** EN DISPUTA ** Unbound versiones anteriores a 1.9.5 permite una escritura fuera de l\u00edmites por medio de un nombre comprimido en la funci\u00f3n rdata_copy. NOTA: El proveedor niega que esto sea una vulnerabilidad. 
Aunque el c\u00f3digo puede ser vulnerable, una instalaci\u00f3n de Unbound en funcionamiento no puede ser explotada de forma remota o local" } ], "id": "CVE-2019-25042", "lastModified": "2024-11-21T04:39:48.607", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-27T06:15:07.753", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": "cve@mitre.org", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Not Applicable", "Third Party Advisory" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-10-03 17:15
Modified
2024-12-17 19:28
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well-orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression, which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
References
▼ | URL | Tags | |
---|---|---|---|
sep@nlnetlabs.nl | https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/10/04/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 11.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF9D6A27-E1D7-4B7E-8C13-A321D4155316", "versionEndExcluding": "1.21.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic." }, { "lang": "es", "value": "NLnet Labs Unbound hasta la versi\u00f3n 1.21.0 incluida contiene una vulnerabilidad gestionando respuestas con conjuntos de RR muy grandes para las que necesita realizar una compresi\u00f3n de nombres. 
Las respuestas maliciosas ascendentes con conjuntos de RR muy grandes pueden hacer que Unbound dedique un tiempo considerable a aplicar la compresi\u00f3n de nombres a las respuestas descendentes. Esto puede provocar un rendimiento degradado y, finalmente, la denegaci\u00f3n del servicio en ataques bien orquestados. La vulnerabilidad puede ser explotada por un actor malicioso que consulte a Unbound sobre el contenido especialmente manipulado de una zona maliciosa con conjuntos de RR muy grandes. Antes de que Unbound responda a la consulta, intentar\u00e1 aplicar la compresi\u00f3n de nombres, que era una operaci\u00f3n sin l\u00edmites que pod\u00eda bloquear la CPU hasta que se completara todo el paquete. La versi\u00f3n 1.21.1 de Unbound introduce un l\u00edmite estricto en la cantidad de c\u00e1lculos de compresi\u00f3n de nombres que est\u00e1 dispuesto a realizar por paquete. Los paquetes que necesitan m\u00e1s compresi\u00f3n dar\u00e1n como resultado paquetes semicomprimidos o paquetes truncados, incluso en TCP para mensajes grandes, para evitar bloquear la CPU durante mucho tiempo. Este cambio no deber\u00eda afectar el tr\u00e1fico DNS normal." 
} ], "id": "CVE-2024-8508", "lastModified": "2024-12-17T19:28:03.767", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "sep@nlnetlabs.nl", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-10-03T17:15:15.323", "references": [ { "source": "sep@nlnetlabs.nl", "tags": [ "Vendor Advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2024/10/04/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html" } ], "sourceIdentifier": "sep@nlnetlabs.nl", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-606" } ], "source": "sep@nlnetlabs.nl", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-1284" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-01-23 16:29
Modified
2024-11-21 03:14
Severity ?
Summary
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
nlnetlabs | unbound | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAE9EA21-B784-4BCD-A0D6-8C474E6AEDCB", "versionEndExcluding": "1.6.8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof." }, { "lang": "es", "value": "Se ha encontrado un error en la forma en la que unbound, en versiones anteriores a la 1.6.8, validaba los registros NSEC sintetizados con caracteres comod\u00edn. 
Un registro con caracteres comod\u00edn NSEC validado incorrectamente podr\u00eda emplearse para probar la falta (respuesta NXDOMAIN) de un registro de caracteres comod\u00edn, o enga\u00f1ar a unbound para que acepte una prueba NODATA." } ], "id": "CVE-2017-15105", "lastModified": "2024-11-21T03:14:05.047", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-01-23T16:29:00.273", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102817" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"https://unbound.net/downloads/CVE-2017-15105.txt" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3673-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3673-1/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-358" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2019-25041
Vulnerability from cvelistv5
Published
2021-04-27 05:16
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:26:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25041", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25041", "datePublished": "2021-04-27T05:16:35", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25042
Vulnerability from cvelistv5
Published
2021-04-27 05:16
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
URL | Tags | |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:19.015Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:27:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25042", "datePublished": "2021-04-27T05:16:24", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:19.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15105
Vulnerability from cvelistv5
Published
2018-01-23 16:00
Modified
2024-09-16 21:56
Severity ?
EPSS score ?
Summary
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/102817 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html | mailing-list, x_refsource_MLIST | |
https://unbound.net/downloads/CVE-2017-15105.txt | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3673-1/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
NLnet Labs | unbound | before 1.6.8 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:50:16.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102817", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102817" }, { "name": "[debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html" }, { "name": "[debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "name": "USN-3673-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3673-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "unbound", "vendor": "NLnet Labs", "versions": [ { "status": "affected", "version": "before 1.6.8" } ] } ], "datePublic": "2018-01-19T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-358", "description": "CWE-358", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-15T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "102817", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102817" }, { "name": "[debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html" }, { "name": "[debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "name": "USN-3673-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3673-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "DATE_PUBLIC": "2018-01-19T00:00:00", "ID": "CVE-2017-15105", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "unbound", "version": { "version_data": [ { "version_value": "before 1.6.8" } ] } } ] }, "vendor_name": "NLnet Labs" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-358" } ] } ] }, "references": { "reference_data": [ { "name": "102817", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102817" }, { "name": "[debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html" }, { "name": "[debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html" }, { "name": "https://unbound.net/downloads/CVE-2017-15105.txt", "refsource": "CONFIRM", "url": "https://unbound.net/downloads/CVE-2017-15105.txt" }, { "name": "USN-3673-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3673-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15105", "datePublished": "2018-01-23T16:00:00Z", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-09-16T21:56:27.390Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50387
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.692Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "tags": [ "x_transferred" ], "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "tags": [ "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39367411" }, { "tags": [ "x_transferred" ], "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "tags": [ "x_transferred" ], "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=39372384" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "tags": [ "x_transferred" ], "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "tags": [ "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "tags": [ "x_transferred" ], "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": 
"http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-10T16:14:16.780094", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.athene-center.de/aktuelles/key-trap" }, { "url": "https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/" }, { "url": "https://kb.isc.org/docs/cve-2023-50387" }, { "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html" }, { "url": "https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/" }, { "url": "https://news.ycombinator.com/item?id=39367411" }, { "url": "https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/" }, { "url": "https://www.isc.org/blogs/2024-bind-security-release/" }, { "url": "https://news.ycombinator.com/item?id=39372384" }, { "url": "https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1" }, { "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html" }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387" }, { "url": "https://access.redhat.com/security/cve/CVE-2023-50387" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1219823" }, { "url": "https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/2" }, { "name": "[oss-security] 20240216 Re: Unbound: disclosure of CVE-2023-50387 and CVE-2023-50868 DNSSEC validation vulnerabilities", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/16/3" }, { "name": "FEDORA-2024-2e26eccfcb", "tags": [ "vendor-advisory" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/" }, { "name": "FEDORA-2024-e24211eff0", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/" }, { "name": "FEDORA-2024-21310568fa", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "name": "[debian-lts-announce] 20240221 [SECURITY] [DLA 3736-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html" }, { "name": "FEDORA-2024-b0f9656a76", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/" }, { "name": "FEDORA-2024-4e36df9dfd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/" }, { "name": "FEDORA-2024-499b9be35f", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "name": "FEDORA-2024-c36c448396", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "name": "FEDORA-2024-c967c7d287", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/" }, { "name": "FEDORA-2024-e00eceb11c", "tags": [ "vendor-advisory" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/" }, { "name": "FEDORA-2024-fae88b73eb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240307-0007/" }, { "name": "[debian-lts-announce] 20240517 [SECURITY] [DLA 3816-1] bind9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50387", "datePublished": "2024-02-14T00:00:00", "dateReserved": "2023-12-07T00:00:00", "dateUpdated": "2024-08-02T22:16:46.692Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25035
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
URL | Tags | |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:21:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25035", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25035", "datePublished": "2021-04-27T05:17:34", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10772
Vulnerability from cvelistv5
Published
2020-11-27 17:40
Modified
2024-08-04 11:14
Severity ?
EPSS score ?
Summary
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1846026 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:15.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "unbound", "vendor": "n/a", "versions": [ { "status": "affected", "version": "unbound-1.6.6-5.el7_8" } ] } ], "descriptions": [ { "lang": "en", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-406", "description": "CWE-406-\u003eCWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-27T17:40:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-10772", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "unbound", "version": { "version_data": [ { "version_value": "unbound-1.6.6-5.el7_8" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. 
Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-406-\u003eCWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1846026" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-10772", "datePublished": "2020-11-27T17:40:05", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25031
Vulnerability from cvelistv5
Published
2021-04-27 05:18
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. 
It is not part of the Unbound installation" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:17:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25031", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25031", "datePublished": "2021-04-27T05:18:17", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25040
Vulnerability from cvelistv5
Published
2021-04-27 05:16
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:25:37", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25040", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25040", "datePublished": "2021-04-27T05:16:44", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.950Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-16866
Vulnerability from cvelistv5
Published
2019-10-03 18:53
Modified
2024-08-05 01:24
Severity ?
EPSS score ?
Summary
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
References
▼ | URL | Tags |
---|---|---|
https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog | x_refsource_MISC | |
https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt | x_refsource_MISC | |
https://usn.ubuntu.com/4149-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2019/dsa-4544 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Oct/23 | mailing-list, x_refsource_BUGTRAQ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:24:48.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt" }, { "name": "USN-4149-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4149-1/" }, { "name": "DSA-4544", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2019/dsa-4544" }, { "name": "20191016 [SECURITY] [DSA 4544-1] unbound security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Oct/23" }, { "name": "FEDORA-2019-e99b716a92", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/" }, { "name": "FEDORA-2019-0418c12a36", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-11T02:06:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog" }, { "tags": [ "x_refsource_MISC" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt" }, { "name": "USN-4149-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4149-1/" }, { "name": "DSA-4544", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2019/dsa-4544" }, { "name": "20191016 [SECURITY] [DSA 4544-1] unbound security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Oct/23" }, { "name": "FEDORA-2019-e99b716a92", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/" }, { "name": "FEDORA-2019-0418c12a36", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16866", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. 
The source IP address of the query must match an access-control rule." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog", "refsource": "MISC", "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog" }, { "name": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt", "refsource": "MISC", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt" }, { "name": "USN-4149-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4149-1/" }, { "name": "DSA-4544", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4544" }, { "name": "20191016 [SECURITY] [DSA 4544-1] unbound security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Oct/23" }, { "name": "FEDORA-2019-e99b716a92", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E65NCWZZB2D75ZIYWPXKMVGSGNYW4JMC/" }, { "name": "FEDORA-2019-0418c12a36", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MLRHE7TQFAOV4MB2ELTOGESZYUL65NUJ/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16866", "datePublished": "2019-10-03T18:53:33", "dateReserved": "2019-09-25T00:00:00", "dateUpdated": "2024-08-05T01:24:48.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25037
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-11-19 14:58
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.880Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2019-25037", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-19T14:58:32.546482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T14:58:40.728Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:23:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25037", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25037", "datePublished": "2021-04-27T05:17:13", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-11-19T14:58:40.728Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25034
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:20:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25034", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25034", "datePublished": "2021-04-27T05:17:43", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25039
Vulnerability from cvelistv5
Published
2021-04-27 05:16
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.929Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:24:45", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25039", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25039", "datePublished": "2021-04-27T05:16:54", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.929Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-28935
Vulnerability from cvelistv5
Published
2020-12-07 21:46
Modified
2024-09-16 23:27
Severity ?
EPSS score ?
Summary
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If Unbound/NSD is then killed and the PID file is not cleared, then upon restarting with root privileges Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could cause a denial of service on the system Unbound/NSD is running on. It requires the attacker to have access to the limited-permission user that Unbound/NSD runs as, and to point the symlink at a critical file on the system.
References
Impacted products
Vendor | Product | Version |
---|---|---|
NLnet Labs | Unbound | <= 1.12.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:00.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" }, { "tags": [ "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt" }, { "name": "GLSA-202101-38", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-38" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "status": "affected", "version": "\u003c= 1.12.0" } ] }, { "product": "NSD", "vendor": "NLnet Labs", "versions": [ { "status": "affected", "version": "\u003c= 4.3.3" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Mason Loring Bliss for bringing the issue to our attention." } ], "datePublic": "2020-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would follow symlinks if the file happened to be a symlink instead of a regular file. 
An additional chown of the file would then take place after it was written, making the user Unbound/NSD is supposed to run as the new owner of the file. If an attacker has local access to the user Unbound/NSD runs as, she could create a symlink in place of the PID file pointing to a file that she would like to erase. If then Unbound/NSD is killed and the PID file is not cleared, upon restarting with root privileges, Unbound/NSD will rewrite any file pointed at by the symlink. This is a local vulnerability that could create a Denial of Service of the system Unbound/NSD is running on. It requires an attacker having access to the limited permission user Unbound/NSD runs as and point through the symlink to a critical file on the system." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-29T00:00:00", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2020-28935.txt" }, { "url": "https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt" }, { "name": "GLSA-202101-38", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202101-38" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "Local symlink attack in Unbound and NSD" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2020-28935", "datePublished": 
"2020-12-07T21:46:47.878342Z", "dateReserved": "2020-11-18T00:00:00", "dateUpdated": "2024-09-16T23:27:01.127Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12663
Vulnerability from cvelistv5
Published
2020-05-19 13:48
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "name": "USN-4374-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "name": "FreeBSD-SA-20:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "name": "USN-4374-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "name": "FreeBSD-SA-20:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt", "refsource": "CONFIRM", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "name": "USN-4374-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "name": "FreeBSD-SA-20:19", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12663", "datePublished": "2020-05-19T13:48:46", "dateReserved": "2020-05-05T00:00:00", "dateUpdated": "2024-08-04T12:04:22.545Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30699
Vulnerability from cvelistv5
Published
2022-08-01 14:13
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
NLnet Labs | Unbound | Version: unspecified <= 1.16.1 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "name": "FEDORA-2022-f89beb0640", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "name": "FEDORA-2022-0a914d5c6b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "lessThanOrEqual": "1.16.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Xiang Li from the Network and Information Security Lab of Tsinghua University for discovering and disclosing the vulnerability." } ], "datePublic": "2022-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. 
Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-29T00:00:00", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "name": "FEDORA-2022-f89beb0640", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "name": "FEDORA-2022-0a914d5c6b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "Novel \"ghost domain names\" attack by updating almost expired delegation information" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2022-30699", "datePublished": "2022-08-01T14:13:58.392776Z", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2024-09-16T18:29:59.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25036
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:19.088Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:22:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25036", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25036", "datePublished": "2021-04-27T05:17:26", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:19.088Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-0969
Vulnerability from cvelistv5
Published
2010-03-16 18:26
Modified
2024-08-07 01:06
Severity ?
EPSS score ?
Summary
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
References
▼ | URL | Tags |
---|---|---|
http://osvdb.org/62903 | vdb-entry, x_refsource_OSVDB | |
http://www.openwall.com/lists/oss-security/2010/03/12/3 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/38888 | third-party-advisory, x_refsource_SECUNIA | |
http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html | mailing-list, x_refsource_MLIST | |
http://marc.info/?l=oss-security&m=126876222231747&w=2 | mailing-list, x_refsource_MLIST | |
http://bugs.gentoo.org/show_bug.cgi?id=309117 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/38701 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.548Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "62903", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/62903" }, { "name": "[oss-security] 20100312 CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/03/12/3" }, { "name": "38888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38888" }, { "name": "[unbound-users] 20100311 Unbound 1.4.3 release", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html" }, { "name": "[oss-security] 20100316 Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126876222231747\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=309117" }, { "name": "38701", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/38701" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "62903", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/62903" }, { "name": "[oss-security] 20100312 CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/03/12/3" }, { "name": "38888", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38888" }, { "name": "[unbound-users] 20100311 Unbound 1.4.3 release", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html" }, { "name": "[oss-security] 20100316 Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126876222231747\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=309117" }, { "name": "38701", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/38701" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0969", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "62903", "refsource": "OSVDB", "url": "http://osvdb.org/62903" }, { "name": "[oss-security] 20100312 CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/03/12/3" }, { "name": "38888", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38888" }, { "name": "[unbound-users] 20100311 Unbound 1.4.3 release", "refsource": "MLIST", "url": "http://www.unbound.net/pipermail/unbound-users/2010-March/001057.html" }, { "name": "[oss-security] 20100316 Re: CVE Request -- Unbound v1.4.3 -- 64 bit platforms specific remote DoS", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126876222231747\u0026w=2" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=309117", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=309117" }, { "name": "38701", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38701" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0969", "datePublished": "2010-03-16T18:26:00", "dateReserved": "2010-03-16T00:00:00", "dateUpdated": "2024-08-07T01:06:52.548Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25033
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2019-25033", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T20:24:46.767107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T20:24:55.215Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:19:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25033", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25033", "datePublished": "2021-04-27T05:17:53", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8602
Vulnerability from cvelistv5
Published
2014-12-11 02:00
Modified
2024-08-06 13:26
Severity ?
EPSS score ?
Summary
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/71589 | vdb-entry, x_refsource_BID | |
http://unbound.net/downloads/patch_cve_2014_8602.diff | x_refsource_MISC | |
http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html | x_refsource_MISC | |
http://www.debian.org/security/2014/dsa-3097 | vendor-advisory, x_refsource_DEBIAN | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | x_refsource_CONFIRM | |
http://www.kb.cert.org/vuls/id/264212 | third-party-advisory, x_refsource_CERT-VN | |
https://unbound.net/downloads/CVE-2014-8602.txt | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-2484-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:26:02.484Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "71589", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/71589" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" }, { "name": "DSA-3097", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3097" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "VU#264212", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/264212" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://unbound.net/downloads/CVE-2014-8602.txt" }, { "name": "USN-2484-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2484-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "71589", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/71589" }, { "tags": [ "x_refsource_MISC" ], "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" }, { "tags": [ "x_refsource_MISC" ], "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" }, { "name": "DSA-3097", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3097" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "VU#264212", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/264212" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://unbound.net/downloads/CVE-2014-8602.txt" }, { "name": "USN-2484-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2484-1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "71589", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71589" }, { "name": "http://unbound.net/downloads/patch_cve_2014_8602.diff", "refsource": "MISC", "url": "http://unbound.net/downloads/patch_cve_2014_8602.diff" }, { "name": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html", "refsource": "MISC", "url": "http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html" }, { "name": "DSA-3097", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3097" }, { "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" }, { "name": "VU#264212", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/264212" }, { "name": "https://unbound.net/downloads/CVE-2014-8602.txt", "refsource": "CONFIRM", "url": "https://unbound.net/downloads/CVE-2014-8602.txt" }, { "name": "USN-2484-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2484-1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8602", "datePublished": "2014-12-11T02:00:00", "dateReserved": "2014-11-04T00:00:00", "dateUpdated": "2024-08-06T13:26:02.484Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3204
Vulnerability from cvelistv5
Published
2022-09-26 13:41
Modified
2024-09-17 03:19
Severity ?
EPSS score ?
Summary
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NLnet Labs | Unbound |
Version: unspecified ≤ 1.16.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt" }, { "name": "FEDORA-2022-1326d2815c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/" }, { "name": "FEDORA-2022-164cf7837e", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/" }, { "name": "FEDORA-2022-204ee3da84", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "lessThanOrEqual": "1.16.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Yehuda Afek from Tel-Aviv University, Anat Bremler-Barr and Shani Stajnrod from Reichman University for discovering and disclosing the vulnerability." } ], "datePublic": "2022-09-21T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability named \u0027Non-Responsive Delegation Attack\u0027 (NRDelegation Attack) has been discovered in various DNS resolving software. 
The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying to resolve the record until hard limits are reached. Based on the nature of the attack and the replies, different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and limiting the number of times a delegation point can issue a cache lookup for missing records." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-29T00:00:00", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt" }, { "name": "FEDORA-2022-1326d2815c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/" }, { "name": "FEDORA-2022-164cf7837e", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/" }, { "name": "FEDORA-2022-204ee3da84", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "NRDelegation Attack" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2022-3204", "datePublished": "2022-09-26T13:41:46.275188Z", "dateReserved": "2022-09-13T00:00:00", "dateUpdated": "2024-09-17T03:19:03.035Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1922
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:46
Severity ?
EPSS score ?
Summary
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
References
▼ | URL | Tags |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/47986 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/44865 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/72750 | vdb-entry, x_refsource_OSVDB | |
http://www.kb.cert.org/vuls/id/531342 | third-party-advisory, x_refsource_CERT-VN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67645 | vdb-entry, x_refsource_XF | |
http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.344Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2011-7555", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" }, { "name": "47986", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47986" }, { "name": "44865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44865" }, { "name": "72750", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/72750" }, { "name": "VU#531342", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/531342" }, { "name": "unbound-dns-dos(67645)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-25T00:00:00", "descriptions": [ { "lang": "en", "value": "daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2011-7555", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html" }, { "name": "47986", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47986" }, { "name": "44865", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44865" }, { "name": "72750", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/72750" }, { "name": "VU#531342", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/531342" }, { "name": "unbound-dns-dos(67645)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67645" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1922", "datePublished": "2011-05-31T20:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.344Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30698
Vulnerability from cvelistv5
Published
2022-08-01 14:13
Modified
2024-09-16 19:35
Severity ?
EPSS score ?
Summary
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second-level subdomain, for which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NLnet Labs | Unbound |
Version: unspecified ≤ 1.16.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "name": "FEDORA-2022-f89beb0640", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "name": "FEDORA-2022-0a914d5c6b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "lessThanOrEqual": "1.16.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "We would like to thank Xiang Li from the Network and Information Security Lab of Tsinghua University for discovering and disclosing the vulnerability." } ], "datePublic": "2022-08-01T00:00:00", "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the \"ghost domain names\" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound\u0027s delegation cache. 
This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-29T00:00:00", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt" }, { "name": "FEDORA-2022-f89beb0640", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC/" }, { "name": "FEDORA-2022-0a914d5c6b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD/" }, { "name": "GLSA-202212-02", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202212-02" }, { "name": "[debian-lts-announce] 20230329 [SECURITY] [DLA 3371-1] unbound security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html" } ], "title": "Novel \"ghost domain names\" attack by introducing subdomain delegations" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2022-30698", "datePublished": "2022-08-01T14:13:44.911318Z", "dateReserved": "2022-05-13T00:00:00", "dateUpdated": "2024-09-16T19:35:09.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4008
Vulnerability from cvelistv5
Published
2011-06-02 20:00
Modified
2024-09-16 18:38
Severity ?
EPSS score ?
Summary
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
References
▼ | URL | Tags |
---|---|---|
http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz | x_refsource_MISC | |
http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog | x_refsource_MISC | |
http://www.debian.org/security/2011/dsa-2243 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" }, { "name": "DSA-2243", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2243" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-06-02T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" }, { "name": "DSA-2243", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2243" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz", "refsource": "MISC", "url": "http://unbound.nlnetlabs.nl/downloads/unbound-1.4.4.tar.gz" }, { "name": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog", "refsource": "MISC", "url": "http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog" }, { "name": "DSA-2243", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2243" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4008", "datePublished": "2011-06-02T20:00:00Z", "dateReserved": "2009-11-19T00:00:00Z", "dateUpdated": "2024-09-16T18:38:27.857Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-25032
Vulnerability from cvelistv5
Published
2021-04-27 05:18
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.839Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:18:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25032", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25032", "datePublished": "2021-04-27T05:18:00", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1931
Vulnerability from cvelistv5
Published
2024-03-07 09:17
Modified
2024-08-28 20:43
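Severity 7.5 (HIGH) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, scored for the scenario in which the 'ede: yes' option is set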
EPSS score ?
Summary
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records, however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used, which is a non-default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NLnet Labs | Unbound |
Version: ≥ 1.18.0 and < 1.19.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:56:22.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/" }, { "tags": [ "x_transferred" ], "url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240705-0006/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unbound", "vendor": "nlnetlabs", "versions": [ { "lessThan": "1.19.2", "status": "affected", "version": "1.18.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-1931", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-07T18:41:49.748390Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T20:43:00.408Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "lessThan": "1.19.2", "status": "affected", "version": "1.18.0", "versionType": 
"semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Fredrik Pettai, SUNET" }, { "lang": "en", "type": "finder", "value": "Patrik Lundin, SUNET" } ], "datePublic": "2024-03-07T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client\u0027s advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client\u0027s buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the \u0027ede: yes\u0027 option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "\u0027ede: yes\u0027 option set" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-07T09:17:13.072Z", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/" }, { "url": "https://lists.freebsd.org/archives/freebsd-security/2024-July/000283.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240705-0006/" } ], "solutions": [ { "lang": "en", "value": "This issue is fixed in 1.19.2 and all later versions. For the vulnerable versions 1.18.0 up to and including 1.19.1, the option \u0027ede: no\u0027 (default configuration) is also a solution as it does not exercise the vulnerable code path." 
} ], "timeline": [ { "lang": "en", "time": "2024-02-17T00:00:00.000Z", "value": "Issue reported by SUNET" }, { "lang": "en", "time": "2024-02-19T00:00:00.000Z", "value": "Issue acknowledged by NLnet Labs" }, { "lang": "en", "time": "2021-09-22T00:00:00.000Z", "value": "Mitigation shared with SUNET" }, { "lang": "en", "time": "2024-03-07T00:00:00.000Z", "value": "Fixes released with Unbound 1.19.2" } ], "title": "Denial of service when trimming EDE text on positive replies" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2024-1931", "datePublished": "2024-03-07T09:17:13.072Z", "dateReserved": "2024-02-27T13:43:18.777Z", "dateUpdated": "2024-08-28T20:43:00.408Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18934
Vulnerability from cvelistv5
Published
2019-11-19 17:30
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
Unbound 1.6.4 through 1.9.4 contains a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2019/11/19/1 | mailing-list, x_refsource_MLIST | |
https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt | x_refsource_MISC | |
https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog | x_refsource_MISC | |
https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/ | vendor-advisory, x_refsource_FEDORA | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/" }, { "name": "FEDORA-2019-a29e620cd4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-29T23:06:07", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/" }, { "name": "FEDORA-2019-a29e620cd4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18934", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. 
This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/11/19/1" }, { "name": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt", "refsource": "MISC", "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt" }, { "name": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog", "refsource": "MISC", "url": "https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog" }, { "name": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/", "refsource": "CONFIRM", "url": "https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/" }, { "name": "FEDORA-2019-a29e620cd4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/" }, { "name": "openSUSE-SU-2020:0912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18934", "datePublished": "2019-11-19T17:30:01", "dateReserved": "2019-11-13T00:00:00", "dateUpdated": "2024-08-05T02:02:39.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-8508
Vulnerability from cvelistv5
Published
2024-10-03 16:27
Modified
2024-11-14 21:02
Severity ?
EPSS score ?
Summary
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well-orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.
References
▼ | URL | Tags |
---|---|---|
https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | NLnet Labs | Unbound |
Version: affected from 0 up to and including 1.21.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unbound", "vendor": "nlnetlabs", "versions": [ { "lessThanOrEqual": "1.21.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-8508", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T17:11:45.971377Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T17:15:19.533Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-14T21:02:40.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/10/04/5" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Unbound", "vendor": "NLnet Labs", "versions": [ { "lessThanOrEqual": "1.21.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Toshifumi Sakaguchi" } ], "datePublic": "2024-10-03T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. 
The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-606", "description": "CWE-606: Unchecked Input for Loop Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T16:27:54.540Z", "orgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "shortName": "NLnet Labs" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" } ], "solutions": [ { "lang": "en", "value": "This issue is fixed in 1.21.1 and all later versions." 
} ], "timeline": [ { "lang": "en", "time": "2024-07-25T00:00:00.000Z", "value": "Issue reported by Toshifumi Sakaguchi" }, { "lang": "en", "time": "2024-07-31T00:00:00.000Z", "value": "Issue acknowledged by NLnet Labs; mitigation shared with Toshifumi Sakaguchi" }, { "lang": "en", "time": "2024-08-01T00:00:00.000Z", "value": "Mitigation confirmed by Toshifumi Sakaguchi" }, { "lang": "en", "time": "2024-10-03T00:00:00.000Z", "value": "Fixes released with Unbound 1.21.1" } ], "title": "Unbounded name compression could lead to Denial of Service" } }, "cveMetadata": { "assignerOrgId": "206fc3a0-e175-490b-9eaa-a5738056c9f6", "assignerShortName": "NLnet Labs", "cveId": "CVE-2024-8508", "datePublished": "2024-10-03T16:27:54.540Z", "dateReserved": "2024-09-06T11:47:59.783Z", "dateUpdated": "2024-11-14T21:02:40.473Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3602
Vulnerability from cvelistv5
Published
2009-10-13 10:00
Modified
2024-08-07 06:31
Severity ?
EPSS score ?
Summary
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/37913 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2009/10/09/3 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/36996 | third-party-advisory, x_refsource_SECUNIA | |
http://unbound.net/pipermail/unbound-users/2009-October/000852.html | mailing-list, x_refsource_MLIST | |
http://www.vupen.com/english/advisories/2009/2875 | vdb-entry, x_refsource_VUPEN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53729 | vdb-entry, x_refsource_XF | |
http://www.openwall.com/lists/oss-security/2009/10/09/2 | mailing-list, x_refsource_MLIST | |
http://osvdb.org/58836 | vdb-entry, x_refsource_OSVDB | |
http://www.debian.org/security/2009/dsa-1963 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37913", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37913" }, { "name": "[oss-security] 20091009 Re: CVE request: Unbound", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3" }, { "name": "36996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36996" }, { "name": "[Unbound-users] 20091007 Release of unbound 1.3.4", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html" }, { "name": "ADV-2009-2875", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2875" }, { "name": "unbound-nsec3-security-bypass(53729)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729" }, { "name": "[oss-security] 20091009 CVE request: Unbound", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2" }, { "name": "58836", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/58836" }, { "name": "DSA-1963", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1963" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows 
remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "37913", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37913" }, { "name": "[oss-security] 20091009 Re: CVE request: Unbound", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3" }, { "name": "36996", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36996" }, { "name": "[Unbound-users] 20091007 Release of unbound 1.3.4", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html" }, { "name": "ADV-2009-2875", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2875" }, { "name": "unbound-nsec3-security-bypass(53729)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729" }, { "name": "[oss-security] 20091009 CVE request: Unbound", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2" }, { "name": "58836", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/58836" }, { "name": "DSA-1963", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1963" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3602", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { 
"version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37913", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37913" }, { "name": "[oss-security] 20091009 Re: CVE request: Unbound", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/3" }, { "name": "36996", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36996" }, { "name": "[Unbound-users] 20091007 Release of unbound 1.3.4", "refsource": "MLIST", "url": "http://unbound.net/pipermail/unbound-users/2009-October/000852.html" }, { "name": "ADV-2009-2875", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2875" }, { "name": "unbound-nsec3-security-bypass(53729)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53729" }, { "name": "[oss-security] 20091009 CVE request: Unbound", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/10/09/2" }, { "name": "58836", "refsource": "OSVDB", "url": "http://osvdb.org/58836" }, { "name": "DSA-1963", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1963" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3602", "datePublished": "2009-10-13T10:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:31:10.455Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2019-25038
Vulnerability from cvelistv5
Published
2021-04-27 05:17
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
References
▼ | URL | Tags |
---|---|---|
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210507-0007/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2019-25038", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T14:42:51.665352Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:43:04.913Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:18.862Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. 
Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-11T21:23:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ], "tags": [ "disputed" ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-25038", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/", "refsource": "MISC", "url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/" }, { "name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html" }, { "name": "https://security.netapp.com/advisory/ntap-20210507-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210507-0007/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-25038", "datePublished": "2021-04-27T05:17:03", "dateReserved": "2021-04-27T00:00:00", "dateUpdated": "2024-08-05T03:00:18.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12662
Vulnerability from cvelistv5
Published
2020-05-19 13:50
Modified
2024-08-04 12:04
Severity ?
EPSS score ?
Summary
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.549Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nxnsattack.com" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12" }, { "name": "USN-4374-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://security.netapp.com/advisory/ntap-20200702-0006/" }, { "name": "FreeBSD-SA-20:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-12T18:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nxnsattack.com" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_20_12" }, { "name": "USN-4374-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200702-0006/" }, { "name": "FreeBSD-SA-20:19", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] [DLA 2556-1] unbound1.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an \"NXNSAttack\" issue. This is triggered by random subdomains in the NSDNAME in NS records." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt", "refsource": "CONFIRM", "url": "https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt" }, { "name": "http://www.nxnsattack.com", "refsource": "MISC", "url": "http://www.nxnsattack.com" }, { "name": "[oss-security] 20200519 Unbound - CVE-2020-12662, CVE-2020-12663", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/19/5" }, { "name": "FEDORA-2020-3cfd38fefd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F5NFROI2OMCZLYRTCNGHGO3TUD32LCIQ/" }, { "name": "DSA-4694", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4694" }, { "name": "FEDORA-2020-8e9b62948e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJ42N2HBZ3DXMSEC56SWIIOFQGOS5M7I/" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_20_12", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_20_12" }, { "name": "USN-4374-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4374-1/" }, { "name": "openSUSE-SU-2020:0912", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html" }, { "name": "openSUSE-SU-2020:0913", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html" }, { "name": "https://security.netapp.com/advisory/ntap-20200702-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200702-0006/" }, { "name": "FreeBSD-SA-20:19", "refsource": "FREEBSD", "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:19.unbound.asc" }, { "name": "[debian-lts-announce] 20210212 [SECURITY] 
[DLA 2556-1] unbound1.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00017.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12662", "datePublished": "2020-05-19T13:50:18", "dateReserved": "2020-05-05T00:00:00", "dateUpdated": "2024-08-04T12:04:22.549Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }