Amazon Linux 2023 : python3-unbound, unbound, unbound-anchor (ALAS2023-2026-1756)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1756 advisory. NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep...

CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

SUSE-SU-2026:21677-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Security issues: - CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect bsc1258251. - CVE-2026-4890: DoS vulnerability in the DNSSEC validation bsc1265001. - CVE-2026-4891: heap-based out-of-bounds re...

EUVD-2010-0129

Malware in sbrugna...

CVE-2022-3346

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...

CVE-2025-25188

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

Hickory DNS's DNSSEC validation may accept broken authentication chains

Summary The DNSSEC validation routines treat entire RRsets of DNSKEY records as trusted once they have established trust in only one of the DNSKEYs. As a result, if a zone includes a DNSKEY with a public key that matches a configured trust anchor, all keys in that zone will be trusted to...

CVE-2025-25188 DNSSEC validation may accept broken authentication chains

Hickory DNS is a Rust based DNS client, server, and resolver. A vulnerability present starting in version 0.8.0 and prior to versions 0.24.3 and 0.25.0-alpha.5 impacts Hickory DNS users relying on DNSSEC verification in the client library, stub resolver, or recursive resolver. The DNSSEC validati...

SUSE-SU-2025:20118-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: - Update to 2.90: CVE-2023-50387, CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses bsc1219823, bsc1219826. Fix reversion in --rev-server introduced in 2.88 which caused breakage if the prefix...

ROS-20240410-24

A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...

Important: dnsmasq

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

Important: unbound

Issue Overview: Certain DNSSEC aspects of the DNS protocol in RFC 4035 and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses when there is a zone with many DNSKEY and RRSIG records, aka the "KeyTrap" issue. The protocol specification...

Medium: systemd

Issue Overview: systemd-resolved accepts records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records. CVE-2023-7008 Affected Packages: systemd Issue Correction: Run dnf update systemd --releasever 2023.3.2024020...

CVE-2022-41787 BIG-IP DNS Express vulnerability CVE-2022-41787

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate...

DNSSECImpl.verifySignature compares strings incorrectly, allowing malicious zones to forge DNSSEC trust chain

Lines of code Vulnerability details Impact DNSSEC allows parent zones to sign for its child zones. To check validity of a signature, RFC4034 3.1.7 requires the Signer's Name in any RRSIG RDATA to contain the zone of covered RRset. This requirement is reasonable since any child zone should be...

Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2020-1595)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2019:3189-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processi...

SUSE-SU-2019:3188-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: Security issues fixed: - CVE-2019-14834: Fixed a memory leak which could have allowed to remote attackers to cause denial of service via DHCP response creation bsc1154849 - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processi...

SUSE-SU-2019:1721-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result improper validation for non-existance. bsc1076958 Non-security issue fixed: - Reload system dbus t...

UBUNTU-CVE-2018-14644

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...