37 matches found
PT-2026-42125
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0 Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries...
Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
...
Uncontrolled Resource Consumption
dnsjava: dnsjava is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the handling of specially crafted DNSSEC-signed zones, which can result in CPU exhaustion...
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSE...
CLSA-2024-1709550046 bind: Fix of 2 CVEs
CVE-2023-50387: Resolved CPU exhaustion from specially crafted DNSSEC-signed zone responses - CVE-2023-50868: Resolved CPU exhaustion from DNSSEC-signed zones using NSEC3...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled...
SUSE CVE-2009-4008
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service DNSSEC outage via a crafted query...
SUSE CVE-2020-8623
In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...
Mageia: Security Advisory (MGASA-2014-0013)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:0480-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...
ISC BIND NSEC3 Signed Zones Queries DoS Vulnerability (Jan 2016)
ISC BIND is prone to a denial of service DoS vulnerability. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
ISC BIND NSEC3-Signed Zones Queries Processing Denial of Service - Ver2 (CVE-2014-0591)
A denial of service vulnerability exists in ISC BIND. The vulnerability is due to a failure to handle queries for NSEC3-signed zones. A remote attacker may exploit this vulnerability by sending a specially crafted query...
Scientific Linux Security Update : bind97 on SL5.x i386/x86_64 (20140916)
A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash. CVE-2014-05...
bind: named crash when handling malformed NSEC3-signed zones
A denial of service flaw was found in the way BIND handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash...
Moderate: Red Hat Security Advisory: bind97 security and bug fix update
Updated bind97 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Debian DSA-3023-1 : bind9 - security update
Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NCES3-signed zones by sending a specially crafted query, which, when processed, would cause...