23 matches found
DNSmasq 安全漏洞
DNSmasq is a DNS configuration tool developed by Simon Kelley. DNSmasq has a security vulnerability, which stems from heap-based out-of-bound reads during DNSSEC verification. This vulnerability allows remote attackers to cause denial-of-service attacks through specially crafted DNS packets...
EUVD-2025-4078
Malicious code in bioql PyPI...
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...
CVE-2025-25188
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...
CVE-2025-25188
CVE-2025-25188 affects Hickory DNS (Rust-based DNS client/server/resolver). The vulnerability lies in DNSSEC validation: the routines may treat entire RRsets of DNSKEY records as trusted after establishing trust with a single DNSKEY, causing all keys in a zone to be trusted to authenticate other ...
CVE-2025-25188 DNSSEC validation may accept broken authentication chains
Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...
PT-2025-6139 · Crates.Io · Hickory-Proto
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue concerns DNSSEC validation routines, which treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the...
CLSA-2024-1709562964 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
CLSA-2024-1709562163 Fix CVE(s): CVE-2023-50387, CVE-2023-50868
SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multip...
Ubuntu 22.04 LTS / 23.10 : Bind vulnerabilities (USN-6633-1)
The remote Ubuntu 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6633-1 advisory. Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote...
SUSE-SU-2022:3682-1 Security update for bind
This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations bsc1203614. - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code fo...
[SECURITY] [DLA 3138-1] bind9 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3138-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 05, 2022 https://wiki.debian.org/LTS -...
RHEL 8 : bind (RHSA-2022:6778)
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6778 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named...
SUSE: Security Advisory (SUSE-SU-2022:3499-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...
SUSE-SU-2022:3500-1 Security update for bind
This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations bsc1203614. - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code fo...
SUSE-SU-2022:3499-1 Security update for bind
This update for bind fixes the following issues: - CVE-2022-2795: Fixed potential performance degredation due to missing database lookup limits when processing large delegations bsc1203614. - CVE-2022-38177: Fixed a memory leak that could be externally triggered in the DNSSEC verification code fo...
ALSA-2022:6778 Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
bind: memory leak in ECDSA DNSSEC verification code
A flaw was found in the Bind package. By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program...
bind: memory leaks in EdDSA DNSSEC verification code
A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in...