12 matches found
[SECURITY] Fedora 43 Update: unbound-1.25.1-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
[SECURITY] Fedora 43 Update: unbound-1.24.2-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
[SECURITY] Fedora 43 Update: unbound-1.24.1-1.fc43
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
[SECURITY] Fedora 41 Update: unbound-1.23.1-1.fc41
Unbound is a validating, recursive, and caching DNSSEC resolver. The C implementation of Unbound is developed and maintained by NLnet Labs. It is based on ideas and algorithms taken from a java prototype developed by Verisign labs, Nominet, Kirei and ep.net. Unbound is designed as a set of modula...
GHSA-CRJG-W57M-RQQF DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
GHSA-MMWX-RJ87-VFGR DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Impact Users using the ValidatingResolver for DNSSEC validation can run into CPU exhaustion with specially crafted DNSSEC-signed zones. Patches Users should upgrade to dnsjava v3.6.0 Workarounds Although not recommended, only using a non-validating resolver, will remove the vulnerability...
PT-2024-21058 · Dnsjava +2 · Dnsjava +2
Name of the Vulnerable Software and Affected Versions: dnsjava versions prior to 3.6.0 Description: The issue arises from dnsjava not checking the relevance of records in DNS replies to the query, allowing an attacker to respond with records from different zones. This can lead to applications...
SUSE CVE-2023-2829
A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache RFC 8198 option synth-from-dnssec enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through...
bind: malformed DNSSEC key failed assertion denial of service
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query for example, a query requiring a response from a zone containing a deliberately malformed key that would cause named functioning as ...
bind: malformed DNSSEC key failed assertion denial of service
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query for example, a query requiring a response from a zone containing a deliberately malformed key that would cause named functioning as ...