37 matches found
CVE-2025-11411
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2025-1468)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2024-8508
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-2943)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : unbound (ALAS-2024-2650)
The version of unbound installed on the remote host is prior to 1.7.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2650 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i...
Amazon Linux 2 : unbound (ALASUNBOUND-2024-003)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-003 advisory. NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets...
PT-2024-39063
Name of the Vulnerable Software and Affected Versions: NLnet Labs Unbound versions 1.21.0 and earlier Description: The issue arises when handling replies with very large RRsets that require name compression. Malicious upstream responses with very large RRsets can cause Unbound to spend a...
Fedora 39 : unbound (2024-3b173364d4)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3b173364d4 advisory. - Use the origin DNAME TTL for synthesized CNAMEs as per RFC 6672. - Bug fixes https://nlnetlabs.nl/projects/unbound/download/unbound-1-19-3 Tenable has...
Fedora 38 : unbound (2024-5bfa220621)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-5bfa220621 advisory. - Use the origin DNAME TTL for synthesized CNAMEs as per RFC 6672. - Bug fixes https://nlnetlabs.nl/projects/unbound/download/unbound-1-19-3 Tenable has...
Infinite Loop
NLnet Labs Unbound is vulnerable to Infinite Loop. The vulnerability is due to a certain code path in Unbound which can lead to an infinite loop, causing denial of service. Due to an unchecked condition, the code trimming the text of the EDE records could loop indefinitely. This occurs when Unbou...
CVE-2024-1931
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's...
NLnet Labs Unbound Security Vulnerability
NLnet Labs Unbound is an open source DNS server from the Dutch NLnet Labs team. A security vulnerability exists in NLnet Labs Unbound versions 1.18.0 through 1.19.1, which stems from an infinite loop in a specific code path, resulting in a denial of service...
Rocky Linux 8 : unbound (RLSA-2022:7622)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7622 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-2215)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2022 : python3-unbound, unbound, unbound-anchor (ALAS2022-2023-265)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-265 advisory. NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an Unbound instance. Unbound is queri...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1206)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
AlmaLinux 9 : unbound (ALSA-2022:8062)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8062 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...
Oracle Linux 8 : unbound (ELSA-2022-7622)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7622 advisory. 1.16.2-2 - Require openssl tool for unbound-keygen 2018806 1.16.2-1 - Update to 1.16.2 2027735 1.16.0-2 - Restart keygen service before every unbound...
AlmaLinux 8 : unbound (ALSA-2022:7622)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7622 advisory. - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by...
EulerOS 2.0 SP10 : unbound (EulerOS-SA-2022-2670)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the 'ghost domain names' attack. The vulnerability work...