unbound -- vulnerability in the processing of wildcard synthesized NSEC records

2017-10-08T00:00:00
ID 8D3BAE09-FD28-11E7-95F2-005056925DB4
Type freebsd
Reporter FreeBSD
Modified 2017-10-08T00:00:00

Description

Unbound reports:

We discovered a vulnerability in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions.