CVE-2026-44390

CVE-2026-44390 affects NLnet Labs Unbound up to 1.25.0. Malicious upstream responses with very large RRsets trigger an unbounded name compression operation, potentially locking CPU and causing degraded performance or denial of service. Unbound 1.25.1 includes a patch that increments the compressi...

The vulnerability of the Unbound DNS server, which is related to external system control or configuration settings, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Unbound DNS server relates to the ability for processes outside the Unbound group to modify the configuration of the Unbound execution environment. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of th...

NLnet Labs Unbound Security Vulnerability

NLnet Labs Unbound is an open source DNS server from the Dutch NLnet Labs team. A security vulnerability exists in NLnet Labs Unbound that originates from allowing a remote attacker to cause a denial of service resource consumption by scheduling DNS query accumulation...

The vulnerability of the Unbound DNS server lies in its ability to generate a burst of requests to the server using responses from DNS resolvers. This allows a hacker to execute a DDoS attack by utilizing DNS traffic.

The vulnerability of the Unbound DNS server relates to the possibility of generating an impulsive flow of numerous requests to the server, using responses from DNS resolvers. Exploiting this vulnerability allows a malicious actor to carry out a DDoS attack by utilizing DNS traffic...

The vulnerability of the Unbound DNS server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Unbound DNS server is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a malicious actor to cause service failures...

The vulnerability of the Unbound DNS server, related to incorrect session expiration times, allows attackers to gain access to confidential data.

The vulnerability of the Unbound DNS server is related to incorrect session expiration times. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

The vulnerability of the Unbound DNS-server module allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Unbound DNS-server module involves a lack of measures for securing input data. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...

DEBIAN-CVE-2022-30699

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue...

The vulnerability of the dname_pkt_copy function in the DNS server Unbound, allowing a hacker to cause a service failure

The vulnerability of the dnamepktcopy function in the Unbound DNS server is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the dname_pkt_copy function in the DNS server Unbound, allowing a hacker to cause a service failure

The vulnerability of the dnamepktcopy function in the Unbound DNS server is related to the insufficient use of the assert function. Exploiting this vulnerability could allow a malicious actor to cause service failures...

The vulnerability of the sldns_str2wire_dname_buf_origin function in the DNS server Unbound allows a hacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the sldnsstr2wirednamebuforigin function in the DNS server’s Unbound component is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures...

ALPINE-CVE-2020-28935

NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for...

The vulnerability of the Unbound DNS server, related to the execution of operations beyond the buffer in memory, allows attackers to cause a service failure.

The vulnerability of the Unbound DNS server is related to an error in processing certain NOTIFY requests. Exploiting this vulnerability could allow a malicious actor to cause a service failure...