Page 2 of 33 results (0.029 seconds)

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. • https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5L3ZFWZZFPBIL654BG75RWXUMPFQJ5EC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D35CX4SCZVNKZTWJXPDFTHWZHINMGEZD https://security.gentoo.org/glsa/202212-02 https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt https://access.redhat.com/security/cve/CVE-2022-30698 https://bugzilla.redhat.com • CWE-613: Insufficient Session Expiration •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite la inyección de configuración en el archivo create_unbound_ad_servers.sh tras un ataque de tipo man-in-the-middle con éxito contra una sesión HTTP de texto sin cifrar. NOTA: El proveedor no considera que esto sea una vulnerabilidad del software de Unbound. create_unbound_ad_servers.sh es un script contribuido por la comunidad que facilita la creación automática de la configuración. No forma parte de la instalación de Unbound • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en el asignador regional por medio de la función regional_alloc. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25032 https://bugzilla.redhat.com/show_bug.cgi?id=1954772 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en el asignador regional por medio de la macro ALIGN_UP. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25033 https://bugzilla.redhat.com/show_bug.cgi?id=1954775 • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en la función sldns_str2wire_dname_buf_origin, conllevando a una escritura fuera de límites. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25034 https://bugzilla.redhat.com/show_bug.cgi?id=1954778 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •