Nlnetlabs: >> Unbound >> 1.4.0 Security Vulnerabilities
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVSS Score
7.5
EPSS Score
0.012
Published
2019-10-03
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
CVSS Score
5.3
EPSS Score
0.007
Published
2018-01-23
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVSS Score
4.3
EPSS Score
0.105
Published
2014-12-11
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
CVSS Score
5.0
EPSS Score
0.002
Published
2011-06-02
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVSS Score
4.3
EPSS Score
0.012
Published
2011-05-31
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.014
Published
2010-03-16
Page 3