CVE-2026-40012

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

EulerOS Virtualization 2.12.1 : unbound (EulerOS-SA-2026-1467)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that...

EulerOS Virtualization 2.13.1 : unbound (EulerOS-SA-2025-2567)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS...

FreeBSD : powerdns-recursor -- cache pollution (b3948bf3-685e-11f0-bff5-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b3948bf3-685e-11f0-bff5-6805ca2fa271 advisory. PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor ha...

CVE-2025-30192

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

CVE-2025-30192

An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter...

powerdns-recursor -- cache pollution

PowerDNS Team reports: An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and...

PT-2025-30267 · Recursor +1 · Recursor +1

Name of the Vulnerable Software and Affected Versions: versions prior to the updated version Description: An attacker spoofing responses to ECS-enabled requests sent by the Recursor may succeed. The updated version includes mitigations against spoofing attempts of ECS-enabled queries by chaining...

ALPINE-CVE-2025-5994

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet ECS. Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to...

CVE-2023-5680 Cleaning an ECS-enabled cache may cause excessive CPU load

If a resolver cache has a very large number of ECS records stored for the same name, the process of cleaning the cache database node for this name can significantly impair query performance. This issue affects BIND 9 versions 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and...