UBUNTU-CVE-2022-2795

By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

ISC BIND 数据伪造问题漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability exists in ISC BIND versions 9.8.4 through 9.16.32, which originates from the use of a misformatted ECDSA signature that spoofs the target resolver program, causing a memo...

CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

UBUNTU-CVE-2022-38178

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

UBUNTU-CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

SUSE SLES15 Security Update : libcontainers-common (SUSE-SU-2022:3312-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3312-1 advisory. - An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlin...

PT-2022-4939 · Isc +10 · Bind +10

Name of the Vulnerable Software and Affected Versions: BIND versions affected versions not specified Description: The issue is related to a flaw in the resolver code, allowing an attacker to cause the named service to crash by sending specific queries. This can lead to a denial of service DoS...

Fedora: Security Advisory for unbound (FEDORA-2022-0a914d5c6b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: unbound-1.16.2-3.fc35

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

PT-2022-4938 · Isc +11 · Bind +11

Name of the Vulnerable Software and Affected Versions: BIND versions affected versions not specified Description: The issue is related to a flaw in the resolver code of the DNS server, which can be exploited by flooding the target resolver with queries, significantly impairing its performance and...

USN-5569-1: Unbound vulnerabilities

Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked...

CVE-2022-33991

dproxy-nexgen aka dproxy nexgen forwards and caches DNS queries with the CD aka checking disabled bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...

Code injection

dproxy-nexgen aka dproxy nexgen re-uses the DNS transaction id TXID value from client queries, which allows attackers able to send queries to the resolver to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker...

Domain Name Relay Daemon 安全漏洞

Domain Name Relay Daemon DNRD is an open source caching and forwarding DNS proxy server from Sourceforge. A security vulnerability exists in DNRD Domain Name Relay Daemon version 2.20.3, which stems from setting the CD aka Check Disabled bit to 1, resulting in the DNSSEC protection provided by th...

dproxy 安全漏洞

dproxy is an intelligent caching DNS proxy by Matthew Pratt, a personal developer. A security vulnerability exists in dproxy that stems from setting the CD aka Check Disabled bit to 1, which causes the DNSSEC protection provided by the upstream resolver to be disabled...

OESA-2022-1821 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

SUSE-SU-2022:2713-1 Security update for bind

This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance bsc1192146. - CVE-2021-25220: Fixed potentially incorrect answers by cached forwarders bsc1197135. - CVE-2022-0396: Fixed a incorrect handling of...

CVE-2022-30699

A flaw was found in Unbound, which is vulnerable to a novel type of "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates...

CVE-2022-30698

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...

CVE-2022-30698

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the...