Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSDC2AD8700-DE25-11EE-9190-84A93843EB75
HistoryMar 07, 2024 - 12:00 a.m.

Unbound -- Denial-of-Service vulnerability

2024-03-0700:00:00
vuxml.freebsd.org
11
unbound
denial-of-service
ede records

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON

NLNet Labs reports:

Unbound 1.18.0 introduced a feature that removes EDE records from
responses with size higher than the client’s advertised buffer size.
Before removing all the EDE records however, it would try to see if
trimming the extra text fields on those records would result in an
acceptable size while still retaining the EDE codes. Due to an
unchecked condition, the code that trims the text of the EDE records
could loop indefinitely. This happens when Unbound would reply with
attached EDE information on a positive reply and the client’s buffer
size is smaller than the needed space to include EDE records.

    The vulnerability can only be triggered when the 'ede: yes' option
    is used; non default configuration.
OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchunbound< 1.19.2UNKNOWN

Related

osv 1
redos 1
fedora 3
openvas 4
cve 1
nvd 1
nessus 6
prion 1
redhatcve 1
debiancve 1
ubuntucve 1
alpinelinux 1
veracode 1
cvelist 1
ibm 1
osv
osv
CVE-2024-1931
2024-03-07 10:15:07
redos
redos
ROS-20240418-01
2024-04-18 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: unbound-1.19.3-1.fc40
2024-04-19 21:44:41
[SECURITY] Fedora 39 Update: unbound-1.19.3-1.fc39
2024-04-28 03:29:38
[SECURITY] Fedora 38 Update: unbound-1.19.3-1.fc38
2024-04-28 03:29:10
openvas
openvas
Fedora: Security Advisory for unbound (FEDORA-2024-5bfa220621)
2024-05-27 00:00:00
Unbound DNS Resolver 1.18.0 - 1.19.1 DoS Vulnerability
2024-03-07 00:00:00
Fedora: Security Advisory for unbound (FEDORA-2024-3b173364d4)
2024-05-27 00:00:00
cve
cve
CVE-2024-1931
2024-03-07 10:15:07
nvd
nvd
CVE-2024-1931
2024-03-07 10:15:07
nessus
nessus
Fedora 38 : unbound (2024-5bfa220621)
2024-04-28 00:00:00
Fedora 39 : unbound (2024-3b173364d4)
2024-04-28 00:00:00
Fedora 40 : unbound (2024-8b20de41f0)
2024-04-29 00:00:00
prion
prion
Design/Logic Flaw
2024-03-07 10:15:00
redhatcve
redhatcve
CVE-2024-1931
2024-03-07 12:37:52
debiancve
debiancve
CVE-2024-1931
2024-03-07 10:15:07
ubuntucve
ubuntucve
CVE-2024-1931
2024-03-07 00:00:00
alpinelinux
alpinelinux
CVE-2024-1931
2024-03-07 10:15:07
veracode
veracode
Infinite Loop
2024-03-11 19:31:18
cvelist
cvelist
CVE-2024-1931 Denial of service when trimming EDE text on positive replies
2024-03-07 09:17:13
ibm
ibm
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
2024-06-26 09:20:14

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

JSON
Related for C2AD8700-DE25-11EE-9190-84A93843EB75
osv1redos1fedora3openvas4cve1nvd1nessus6prion1redhatcve1debiancve1ubuntucve1alpinelinux1veracode1cvelist1ibm1