CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.5%)
NLnet Labs Unbound is vulnerable to an infinite loop that causes denial of service. Due to an unchecked condition, the code that trims the text of EDE records could loop indefinitely. This occurs when Unbound replies with attached EDE information on a positive reply and the client’s buffer size is smaller than the space needed to include the EDE records. The vulnerability can only be triggered when the ‘ede: yes’ option is used, which is a non-default configuration.
lists.fedoraproject.org/archives/list/[email protected]/message/4VCBRQ7KMSIGBQ6A4SBL5PF326DIJIIV/
lists.fedoraproject.org/archives/list/[email protected]/message/B2JUIFPA7H75Q2W3VXW2TUNHK6NVGOX4/
lists.fedoraproject.org/archives/list/[email protected]/message/RBR4H7RCVMJ6H76S4LLRSY5EBFTYWGXK/
lists.freebsd.org/archives/freebsd-security/2024-July/000283.html
security-tracker.debian.org/tracker/CVE-2024-1931
www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt