Filtered by vendor Nlnetlabs Subscriptions
Filtered by product Unbound Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25033 3 Debian, Nlnetlabs, Redhat 4 Debian Linux, Unbound, Enterprise Linux and 1 more 2024-08-05 9.8 Critical
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25032 3 Debian, Nlnetlabs, Redhat 4 Debian Linux, Unbound, Enterprise Linux and 1 more 2024-08-05 9.8 Critical
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25031 2 Debian, Nlnetlabs 2 Debian Linux, Unbound 2024-08-05 5.9 Medium
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation
CVE-2019-18934 4 Fedoraproject, Nlnetlabs, Opensuse and 1 more 4 Fedora, Unbound, Leap and 1 more 2024-08-05 7.3 High
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2019-16866 2 Canonical, Nlnetlabs 2 Ubuntu Linux, Unbound 2024-08-05 7.5 High
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2020-12662 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-08-04 7.5 High
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
CVE-2020-12663 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-08-04 7.5 High
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
CVE-2020-10772 2 Nlnetlabs, Redhat 2 Unbound, Enterprise Linux 2024-08-04 7.5 High
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound.
CVE-2023-50387 8 Fedoraproject, Isc, Microsoft and 5 more 17 Fedora, Bind, Windows Server 2008 and 14 more 2024-08-02 7.5 High
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.