196 matches found
SUSE CVE-2009-4022
Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled CD, allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive...
SUSE CVE-2019-3807
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation...
SUSE CVE-2020-12244
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation...
SUSE CVE-2020-25683
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...
PT-2023-8454
Name of the Vulnerable Software and Affected Versions systemd-resolved affected versions not specified Description The issue is related to insufficient authentication checks of messages from DNS clients in the systemd-resolved service, which manages network connections and domain name resolutions...
The vulnerability of the DNSSEC implementation on BIND servers allows attackers to perform a type of attack known as “denial-of-service attack”.
The vulnerability of the DNSSEC technology’s DNS BIND server is related to improper verification of the EdDSA cryptographic signature. Exploiting this vulnerability could allow a malicious actor to perform a denial-of-service attack remotely...
The vulnerability of the DNSSEC implementation in BIND servers allows attackers to perform a type of “denial-of-service attack”.
The vulnerability of the DNSSEC technology’s DNS BIND server stems from improper verification of the ECDSA cryptographic signature. Exploiting this vulnerability allows a malicious actor to perform a type of “denial-of-service” attack...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
bind: memory leak in ECDSA DNSSEC verification code
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
bind: memory leak in ECDSA DNSSEC verification code
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
PT-2022-21781 · Unknown · Go-Resolver
Name of the Vulnerable Software and Affected Versions: go-resolver affected versions not specified Description: The issue is related to incorrect DNSSEC validation. An attacker can cause the package to report successful validation for invalid, attacker-controlled records. Specifically, root DNSSE...
Memory leak in ECDSA DNSSEC verification code
...
CVE-2022-33991
dproxy-nexgen aka dproxy nexgen forwards and caches DNS queries with the CD aka checking disabled bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers...
DNSSEC: How It Works & Key Considerations
From its beginnings as a replacement for a centralized database, the Domain Name System DNS has evolved into a dynamic, highly distributed, question-answer protocol. The proverbial "phone book of the internet" has increased in complexity and scale alongside the rapid growth of the World Wide Web...
DEBIAN-CVE-2020-25687
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory...
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System DNS responses for home and commercial routers and servers. The set of seven flaws are comprised of buffer overflow issues and flaws allowing for DNS cache-poisoning attacks also...
dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary da...
dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is cause...