13 matches found
Advisory ROSA-SA-2026-3203
Software: unbound 1.16.2 OS: ROSA Virtualization 2.1 unaffected versions = unbound-1.16.2-5.9.rv3 affected versions unbound-1.16.2-5.9.rv3 CVE-ID: CVE-2025-5994 BDU-ID: 2025-12600 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Unbound DNS server is related to the loading of external unreliable...
unbound: Unbounded name compression could lead to Denial of Service
A flaw was found in Unbound which can lead to degraded performance and an eventual denial of service when handling replies with very large RRsets that require name compression to be applied. Versions prior to 1.21.1 do not have a hard limit on the number of name compression calculations that...
ROS-20240918-06
Vulnerability of DNS-server Unbound is related to the possibility of forming a pulse stream of a large number of requests to the server using responses from DNS resolvers. DNS server Unbound vulnerability is related to the possibility of generating a pulse flow of a large number of requests to th...
ROS-20240827-05
The Unbound DNS server vulnerability is related to the ability of a process outside of the unbound group to reconfigure the of the unbound execution environment. Exploitation of the vulnerability allows an attacker acting remotely to impact the integrity and availability of the system. Impact the...
NLnet Labs Unbound Security Vulnerability
NLnet Labs Unbound is an open source DNS server from the Dutch NLnet Labs team. NLnet Labs Unbound suffers from a security vulnerability that stems from incorrect default permissions, allowing an unprivileged attacker to manipulate a running instance...
K33101555: Nettle cryptography library vulnerability CVE-2021-20305
Security Advisory Description A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in...
The vulnerability of the `regionalloc` function in the `util/regional.c` component of the DNS server Unbound allows a attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the regionalloc function in the util/regional.c component of the DNS server Unbound is related to integer overflow. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the dnsc_load_local_data function in the DNS server Unbound allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the dnscloadlocaldata function in the Unbound DNS server is related to integer overflow. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the ALIGN_UP macro in the Unbound DNS server allows a attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the ALIGNUP macro in the Unbound DNS server is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data, compromise its integrity, and even cause service failures...
PT-2019-6140 · Nlnet +8 · Unbound +8
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to the synth cname function in the Unbound DNS server, which may lead to an assertion failure and denial of service. However, the vendor disputes that this is a vulnerability,...
PT-2019-6126 · Nlnet +8 · Unbound +8
Name of the Vulnerable Software and Affected Versions: Unbound versions prior to 1.9.5 Description: The issue is related to the function dname pkt copy in the Unbound DNS server, which may allow a remote attacker to cause a denial of service due to an assertion failure when handling a compressed...
CVE-2019-18934
A shell command injection vulnerability was discovered in the way unbound handles DNS queries for systems with a public key used for IPsec. When ipsecmod is enabled, a malicious DNS server could send a DNS reply which would be used during a following DNS query to execute shell commands with the...
Unbound DNS Server < 1.3.4 NSEC3 Signature Verification DNS Spoofing Vulnerability
Unbound DNS Server is prone to a DNS-spoofing vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:unbound:unbound";...