Shodan
Vulnerabilities
Vulnerable Software
Nlnetlabs:  Security Vulnerabilities
CVE-2012-2978
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
CVSS Score
5.0
EPSS Score
0.092
Published
2012-07-27
CVE-2011-3581
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
CVSS Score
6.8
EPSS Score
0.041
Published
2011-11-04
CVE-2009-4008
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
CVSS Score
5.0
EPSS Score
0.027
Published
2011-06-02
CVE-2011-1922
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVSS Score
4.3
EPSS Score
0.071
Published
2011-05-31
CVE-2010-0969
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.026
Published
2010-03-16
CVE-2009-3602
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
CVSS Score
7.5
EPSS Score
0.03
Published
2009-10-13
CVE-2009-1755
Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.
CVSS Score
5.0
EPSS Score
0.032
Published
2009-05-22
CVE-2009-1086
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
CVSS Score
6.4
EPSS Score
0.035
Published
2009-03-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved