Lucene search
K

43 matches found

RedHat Linux
RedHat Linux
added 6 days ago10 views

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

7.5CVSS6.1AI score0.07237EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : bind (EulerOS-SA-2026-2434)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...

7.5CVSS6.1AI score0.01545EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2026/06/08 12:0 a.m.9 views

Important: unbound security update

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...

8.7CVSS5.4AI score0.00842EPSS
Exploits0References6
Amazon
Amazon
added 2026/05/26 12:0 a.m.18 views

Important: unbound

Issue Overview: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary c...

10CVSS6.6AI score0.01272EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:20 a.m.9 views

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS5.7AI score0.00339EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:0 a.m.5 views

UBUNTU-CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7CVSS5.8AI score0.00779EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/13 3:48 a.m.12 views

SUSE CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

5.3CVSS5.8AI score0.06226EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2026/05/11 4:47 p.m.11 views

CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

7.5CVSS5.8AI score0.06226EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/11 4:47 p.m.8 views

CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

7.5CVSS5.8AI score0.06226EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/11 4:47 p.m.9 views

CVE-2026-4890 CVE-2026-4890

A Denial of Service DoS vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet...

5.8AI score0.07237EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.10 views

PT-2026-39698

Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description A Denial of Service DoS issue in the DNSSEC validation of dnsmasq allows remote attackers to cause a service disruption by sending a crafted DNS packet. Recommendations At the moment, there i...

8.8CVSS5.8AI score0.07237EPSS
Exploits4References91
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

openSUSE 16 Security Update : bind (openSUSE-SU-2026:20550-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20550-1 advisory. - Update to release 9.20.21 - CVE-2026-1519: maliciously crafted DNSSEC-validated zone can lead to denial of service bsc1260805. - CVE-2026-3104...

7.5CVSS7.5AI score0.01545EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.6 views

Oracle Linux 9 : bind (ELSA-2026-8075)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-8075 advisory. - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 Tenable has...

8.6CVSS7.3AI score0.01545EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/04/14 12:0 a.m.8 views

bind9.18 security update

32:9.18.29-5.4 - Correct backport issue in the patch CVE-2026-1519 32:9.18.29-5.3 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519...

7.5CVSS5.8AI score0.01545EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.4 views

CVE-2026-27602

Modoboa is a mail hosting and management platform. Prior to version 2.7.1, execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacte...

7.2CVSS6AI score0.00566EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 6:16 p.m.18 views

CVE-2026-0229

A denial-of-service DoS vulnerability in the Advanced DNS Security ADNS feature of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot causes the firewall to enter maintenance...

8.7CVSS0.0056EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/12/12 12:0 a.m.3 views

Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution

The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...

7AI score
Exploits0
OSV
OSV
added 2025/12/09 12:12 p.m.7 views

CLSA-2025-1765282338 unbound: Fix of CVE-2023-50868

CVE-2023-50868: avoid availabiluty of the remote attackers to cause a denial of service using DNSSEC...

7.5CVSS7AI score0.81729EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/16 12:0 a.m.3 views

Fedora 42 : bind9-next (2025-d9f9394ecd)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d9f9394ecd advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

8.6CVSS6.7AI score0.1096EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2000-1010

Malware in sbrugna...

7.5CVSS6.4AI score0.08644EPSS
Exploits1References4
Rows per page
Query Builder