5 matches found
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options CVE-2026-42944 unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in...
Heap overflow with multiple NSID, COOKIE, PADDING EDNS options
...
CVE-2026-41292
CVE-2026-41292 affects NLnet Labs Unbound up to 1.25.0. A vulnerability in parsing long lists of incoming EDNS options can cause a degradation of service/DoS as adversaries send queries with many EDNS options, tying up worker threads while parsing. The issue is mitigated in Unbound 1.25.1, which ...
PT-2026-42128
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions prior to 1.25.1 Description An issue exists related to the parsing of long lists of incoming EDNS Extension Mechanisms for DNS options. An adversary can send queries containing an excessive number of EDNS options,...
SUSE CVE-2018-5744
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1, and versions 9.10.7-S1 - 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 - 9.13.6 of th...