SUSE CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959

CVE-2026-42959 affects NLnet Labs Unbound up to version 1.25.0. The vulnerability lies in the DNSSEC validator: while constructing chase-reply messages, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. This, combined with DNAME duplication increasing the A...

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42959 Crash during DNSSEC validation of malicious content

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

MiracleLinux 9 : unbound-1.16.2-3.el9_3.1 (AXSA:2024-7557:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7557:02 advisory. bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resourc...

Oracle Linux 9 : unbound:1.16.2 (ELSA-2024-11232)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-11232 advisory. - Fix unbounded name compression could lead to Denial of Service CVE-2024-8508 - Ensure group access correction reaches also updated configs CVE-2024-1488 -...

unbound:1.16.2 security update

1.16.2-8.1 - Fix unbounded name compression could lead to Denial of Service CVE-2024-8508 1.16.2-8 - Ensure group access correction reaches also updated configs CVE-2024-1488 1.16.2-7 - Ensure only unbound group can change configuration CVE-2024-1488 1.16.2-6 - Fix KeyTrap - Extreme CPU consumpti...

RLSA-2024:3271 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

Oracle Linux 7 : bind, / bind-dyndb-ldap, / and / dhcp (ELSA-2024-3741)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3741 advisory. - Prevent increased CPU consumption in DNSSEC validator CVE-2023-50387 CVE-2023-50868 - Speed up parsing of DNS messages with many different names...

RHEL 8 : bind and dhcp (RHSA-2024:2821)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2821 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...

RLSA-2024:1782 Important: bind and dhcp security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. The Dynamic Hos...

bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator

Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...

RHEL 8 : unbound (RHSA-2024:2587)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2587 advisory. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: bind9: KeyTrap - Extreme CPU...

Important: Red Hat Security Advisory: bind and bind-dyndb-ldap security updates

Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

RHEL 9 : bind and bind-dyndb-ldap security updates (Important) (RHSA-2024:1803)

"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1803 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...