23 matches found
USN-7855-1 unbound vulnerability
Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Unbound incorrectly handled certain promiscuous NS RRSets. A remote attacker could possibly use this issue to perform a domain hijack attack...
EUVD-2009-1087
Malware in sbrugna...
OSV-2025-485 Use-of-uninitialized-value in pcpp::IDnsResource::decodeName
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=426843906 Crash type: Use-of-uninitialized-value Crash state: pcpp::IDnsResource::decodeName pcpp::IDnsResource::IDnsResource pcpp::DnsLayer::parseResources...
Linux Distros Unpatched Vulnerability : CVE-2024-55628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name...
ALSA-2025:1670 Important: bind9.18 security update
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server ...
CVE-2024-55628 Suricata oversized resource names utilizing DNS name compression can lead to resource starvation
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...
CVE-2024-55628
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...
CVE-2024-55628
Suricata is affected by CVE-2024-55628 due to DNS resource name compression before version 7.0.8, which can produce small DNS messages with very large hostnames and generate oversized log records. The issue has been addressed in Suricata 7.0.8 and later. (Supported by PTSecurity/PT-2025-48205, PT...
EulerOS Virtualization 2.12.0 : bind (EulerOS-SA-2024-2765)
According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer...
CLSA-2024-1727979720 Fix CVE(s): CVE-2024-1737
SECURITY UPDATE: allocation of resources without limits or throttling - debian/patches/CVE-2024-1737-1: introduced new configurable limits that prevent the loading (into zones or into cache) of DNS resource records (RRs) that exceed them - debian/patches/CVE-2024-1737-2: add environment variable...
CLSA-2024-1726841080 bind: Fix of 2 CVEs
CVE-2024-1737-1: introduced new configurable limits that prevent the loading into zones or into cache of DNS resource records RRs that exceed them - CVE-2024-1737-2: add environment variable DNSRDATASETMAXRECORDS, DNSRBTDBMAXRTYPES to override hardcoded limits DDNSRDATASETMAXRECORDS and...
HackerOne: Missing Certificate Authority Authorization rule
Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...
Gratipay: Missing Certificate Authority Authorization rule
Hi Team, Summary Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless...
APPLE-SA-2012-03-07-3 Apple TV 5.0
Apple TV 5.0 is now available and addresses the following: Apple TV Available for: Apple TV (2nd generation) Impact: Applications that use the libresolv library may be vulnerable to an unexpected application terminatio...
openSUSE Security Update : unbound (unbound-840)
This update fixes a heap-based buffer overflow in the ldns_rr_new_frm_str_internal function. This allowed remote attackers to cause a denial of service and possibly execute arbitrary code via a DNS resource record (RR) with a long class field and possibly TTL field. (CVE-2009-1086)...
CVE-2009-1086
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field...
DEBIAN-CVE-2009-1086
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field...
CVE-2009-1086
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field...
Heap overflow
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field...
CVE-2009-1086
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field...