198 matches found
dnsmasq < 2.93 Heap-Based Buffer Overflow (CVE-2026-12725)
The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a heap-based buffer overflow vulnerability. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause...
[SECURITY] Fedora 43 Update: ldns-1.9.2-1.fc43
ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...
CVE-2026-52690
CVE-2026-52690 affects the PowerDNS Recursor. Spoofed replies can cause an authoritative server’s IP to be marked as not supporting EDNS, leading to DNSSEC validation failures for records served by that server. The vulnerability’s impact is documented as enabling validation failures in the presen...
UBUNTU-CVE-2026-12725
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
CVE-2026-12725
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...
PT-2026-51332
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.93-1.1 Description A heap-based buffer overflow occurs when DNSSEC validation and query logging are simultaneously enabled. The issue arises when logging DS or DNSKEY replies that contain unsupported algorithm or...
Important: Red Hat Security Advisory: bind9.18 security update
An update for bind9.18 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...
EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-2279)
According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...
Important: Red Hat Security Advisory: bind security update
An update for bind is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone
A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...
bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone
A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service DoS for legitimate users...
unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution
A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...
[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
SUSE-SU-2026:21913-1 Security update for unbound
This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.10)
The version of AOS installed on the remote host is prior to 7.3.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.10 advisory. - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentatio...
OESA-2026-2438 dnsmasq security update
Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...
CVE-2026-33278
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...
Astra Linux – Vulnerability in bind9
If a server hosts a zone containing a “KEY” Resource Record, or if a resolver validates a “KEY” Resource Record from a DNSSEC-signed domain in its cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...
CVE-2026-42959
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...