
193 matches found

ATTACKERKB
added yesterday | 2 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9 CVSS | 6.1 AI score
Exploits 0 | References 3

RedHat Linux
added 2026/06/11 9:35 a.m. | 11 views

Important: Red Hat Security Advisory: bind9.18 security update

An update for bind9.18 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

7.5 CVSS | 5.8 AI score | 0.00824 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2026/06/11 12:0 a.m. | 4 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in unbound (b604d3e1-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b604d3e1-6474-11f1-958d-bc241121aa0a advisory. Multiple vulnerabilities have been reported in Unbound. Instead of listing detailed writeups f...

10 CVSS | 6.4 AI score | 0.00888 EPSS
Exploits 0 | References 12

Tenable Nessus
added 2026/06/10 12:0 a.m. | 5 views

EulerOS 2.0 SP13 : bind (EulerOS-SA-2026-2279)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU...

7.5 CVSS | 8 AI score | 0.00824 EPSS
Exploits 0 | References 2

RedHat Linux
added 2026/06/09 3:36 p.m. | 8 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

7.5 CVSS | 8 AI score | 0.00824 EPSS
Exploits 0 | References 2

RedHat Linux
added 2026/06/09 3:36 p.m. | 6 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users...

7.5 CVSS | 7.9 AI score | 0.00824 EPSS
Exploits 0 | References 8

RedHat Linux
added 2026/06/08 2:44 p.m. | 8 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users...

7.5 CVSS | 7.9 AI score | 0.00824 EPSS
Exploits 0 | References 8

RedHat Linux
added 2026/06/04 8:54 a.m. | 9 views

unbound: Unbound DNSSEC Validator Use-After-Free via Deep Copy Pointer Overwrite Leading to DoS and Possible Remote Code Execution

A flaw discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

10 CVSS | 6.1 AI score | 0.00888 EPSS
Exploits 0 | References 4

Fedora
added 2026/06/02 1:11 a.m. | 12 views

[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43

Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a Java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...

10 CVSS | 5.8 AI score | 0.00888 EPSS
Exploits 0

OSV
added 2026/05/28 3:44 p.m. | 3 views

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues:
- CVE-2026-32792: Packet of death with DNSCrypt (bsc1265583).
- CVE-2026-33278: Possible remote code execution during DNSSEC validation (bsc1265587).
- CVE-2026-40622: "Ghost domain name" variant (bsc1265581).
- CVE-2026-41292: Parsing a long list of...

10 CVSS | 6.5 AI score | 0.00888 EPSS
Exploits 0 | References 23

Tenable Nessus
added 2026/05/27 12:0 a.m. | 9 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.10)

The version of AOS installed on the remote host is prior to 7.3.1.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.10 advisory. - Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentatio...

9.8 CVSS | 7.6 AI score | 0.01962 EPSS
Exploits 1 | References 14

OSV
added 2026/05/22 1:22 p.m. | 5 views

OESA-2026-2438 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

8.4 CVSS | 6.3 AI score | 0.02625 EPSS
Exploits 3 | References 6

Debian CVE
added 2026/05/20 9:18 a.m. | 8 views

CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10 CVSS | 6.5 AI score | 0.00888 EPSS
Exploits 0

UbuntuCve
added 2026/05/20 12:0 a.m. | 7 views

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

8.7 CVSS | 5.8 AI score | 0.00512 EPSS
Exploits 0 | References 3

OSV
added 2026/05/20 12:0 a.m. | 3 views

UBUNTU-CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

10 CVSS | 6.5 AI score | 0.00888 EPSS
Exploits 0 | References 4

RedHat Linux
added 2026/05/19 9:55 p.m. | 9 views

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

7.5 CVSS | 5.8 AI score | 0.00987 EPSS
Exploits 0 | References 5

OSV
added 2026/05/19 5:1 p.m. | 5 views

MGASA-2026-0152 Updated bind packages fix security vulnerabilities

It was discovered that bind contained a vulnerability where a malformed BRID/HHIT record can cause named to terminate unexpectedly (CVE-2025-13878). If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-on...

7.5 CVSS | 7.5 AI score | 0.07572 EPSS
Exploits 0 | References 6

Cvelist
added 2026/05/19 1:47 p.m. | 33 views

CVE-2026-45557 Technitium DNS Server excessive DNSSEC requests

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9 CVSS | 0.00389 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2026/05/18 12:0 a.m. | 12 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: bind (UTSA-2026-021471)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021471 advisory. If a BIND resolver is performing DNSSEC validation and encounters a maliciously crafted zone, the resolver may consume excessive CPU. Authoritative-only servers are...

7.5 CVSS | 7.5 AI score | 0.00824 EPSS
Exploits 0 | References 4

RedHat Linux
added 2026/05/11 8:26 p.m. | 9 views

bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone

A flaw was found in BIND. A remote attacker could exploit this vulnerability by sending a maliciously crafted DNSSEC-validated zone to a BIND resolver. This could cause the resolver to consume excessive CPU resources, leading to a denial of service (DoS) for legitimate users...

7.5 CVSS | 7.4 AI score | 0.00824 EPSS
Exploits 0 | References 8