Lucene search
K

85 matches found

OSV
OSV
added 2026/05/07 2:59 a.m.3 views

GHSA-3V94-MW7P-V465 hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

8.7CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 2:59 a.m.24 views

hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

5.8AI score
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-38485

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

8.7CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/05/01 12:0 p.m.6 views

RUSTSEC-2026-0120 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...

5.8AI score
Exploits0References3
RustSec
RustSec
added 2026/05/01 12:0 p.m.10 views

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/01 12:0 p.m.6 views

NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

5.8AI score
Exploits0Affected Software1
OSV
OSV
added 2026/05/01 12:0 p.m.6 views

RUSTSEC-2026-0118 NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the S...

5.8AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : bind9.16-9.16.23-0.16.el8_9.2.ML.1 (AXSA:2024-7685:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7685:01 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: Querying RFC 1918 reverse zones may cause an assertion failure...

7.5CVSS8.5AI score0.99995EPSS
Exploits1References7
OSV
OSV
added 2025/04/21 8:59 p.m.12 views

CLSA-2025-1745269163 dnsmasq: Fix of 2 CVEs

CVE-2023-50387: DNSSEC aspects of the DNS protocol allow remote attackers to cause a DDOS - CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol allows remote attackers to cause a DDOS...

7.5CVSS7AI score0.99995EPSS
Exploits1References1
OSV
OSV
added 2024/12/18 2:27 p.m.10 views

CLSA-2024-1734532058 unbound: Fix of 2 CVEs

CVE-2023-50387: Evaluate DNSSEC responses to prevent KeyTrap denial of service issue. - CVE-2023-50868: Fix Closest Encloser Proof aspect to prevent CPU consumption for SHA-1 computations in random subdomain attacks...

7.5CVSS7.1AI score0.99995EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/12/12 2:15 p.m.14 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.30 views

EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2024-2461)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/09/24 12:0 a.m.47 views

EulerOS 2.0 SP8 : bind (EulerOS-SA-2024-2456)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/09/09 12:0 a.m.88 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.2024)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.2024 advisory. - This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origi...

7.8CVSS7.7AI score0.99995EPSS
Exploits10References12
OSV
OSV
added 2024/08/23 11:8 a.m.3 views

OESA-2024-2014 bind security update

Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: The...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/08/19 12:0 a.m.26 views

EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2024-2130)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denia...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.29 views

EulerOS 2.0 SP8 : unbound (EulerOS-SA-2024-2056)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

8CVSS6.9AI score0.99995EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/07/22 12:0 a.m.37 views

EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2024-2023)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CP...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2024/07/19 12:0 a.m.37 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2024-1998)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.99995EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.42 views

EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2024-1980)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial o...

7.5CVSS6.9AI score0.99995EPSS
Exploits1References3
Rows per page
Query Builder