Lucene search
K

41 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in unbound, bind9, dnsmasq

The “Closest Encloser Proof” aspect of the DNS protocol as described in RFC 5155, when the guidance provided in RFC 9276 is skipped enables remote attackers to cause a denial of service resulting in high CPU usage for SHA-1 calculations through DNSSEC responses during a random subdomain attack,...

7.5CVSS7AI score0.81729EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 9:20 a.m.9 views

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS5.7AI score0.00339EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 2:59 a.m.3 views

GHSA-3V94-MW7P-V465 hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses

The NSEC3 closest-encloser proof validation in hickory-proto's 0.25.0-alpha.3 ... 0.25.2 and hickory-net's 0.26.0-alpha.1 .. 0.26.0 DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of th...

8.7CVSS5.8AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.6 views

SUSE CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/04/22 9:38 a.m.10 views

CVE-2026-33258

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

7.5CVSS5.2AI score0.00583EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34322

By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC3 caches...

5.3CVSS5.8AI score0.00583EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

PowerDNS Recursor(pdns_recursor) 安全漏洞

PowerDNS Recursor pdnsrecursor is a domain name resolution server developed by the Dutch company PowerDNS. There is a security vulnerability in PowerDNS Recursor, which stems from the ability of attackers to publish and query specially crafted zones, resulting in the allocation of large entries i...

7.5CVSS5.8AI score0.00583EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.7 views

SUSE SLED15 / SLES15 Security Update : bind (SUSE-SU-2026:1366-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1366-1 advisory. - CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805...

7.5CVSS7.3AI score0.01545EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/09 8:58 a.m.5 views

Security update for bind

This update for bind fixes the following issues: CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations bsc1260805. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.7CVSS7.3AI score0.01545EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/03/29 8:1 a.m.5 views

Excessive NSEC3 iterations cause high CPU load during insecure delegation validation

...

7.5CVSS5.8AI score0.01545EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2026/03/25 11:59 p.m.9 views

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.47-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix unbounded NSEC3 iterations when validating referrals...

7.5CVSS5.8AI score0.01545EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Fedora 45 : bind / bind-dyndb-ldap (2026-8db2f80244)

The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-8db2f80244 advisory. Update to 9.18.47 rhbz2440561 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 Source:...

7.5CVSS6AI score0.01545EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : dnsmasq-2.79-31.el8_9.2 (AXSA:2024-7620:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7620:02 advisory. dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can...

7.5CVSS7.8AI score0.99995EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : bind9.16-9.16.23-0.16.el8_9.2.ML.1 (AXSA:2024-7685:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7685:01 advisory. bind9: Parsing large DNS messages may cause excessive CPU load CVE-2023-4408 bind9: Querying RFC 1918 reverse zones may cause an assertion failure...

7.5CVSS8.5AI score0.99995EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2025/01/06 1:36 p.m.4 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/06/13 2:29 a.m.6 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/06/10 8:16 a.m.7 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/05/13 1:34 a.m.5 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/04/30 1:32 p.m.3 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2024/04/15 1:30 a.m.7 views

bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources

A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...

7.5CVSS6.7AI score0.81729EPSS
Exploits1References7
Rows per page
Query Builder