CVSS: 7.5EPSS: 9%CPEs: 10EXPL: 0CVE-2020-12662 – unbound: amplification of an incoming query into a large number of queries directed to a target
https://notcve.org/view.php?id=CVE-2020-12662
19 May 2020 — Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. Unbound versiones anteriores a 1.10.1, presenta un Control Insuficiente del Volumen de Mensajes de Red, también se conoce como un problema de "NXNSAttack". Esto es activado por subdominios aleatorios en NSDNAME en registros NS. A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one a... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 6%CPEs: 10EXPL: 0CVE-2020-12663 – unbound: infinite loop via malformed DNS answers received from upstream servers
https://notcve.org/view.php?id=CVE-2020-12663
19 May 2020 — Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Unbound versiones anteriores a 1.10.1, presenta un bucle infinito mediante respuestas DNS malformadas recibidas desde servidores aguas arriba. A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.3EPSS: 1%CPEs: 4EXPL: 1CVE-2019-18934 – unbound: command injection with data coming from a specially crafted IPSECKEY answer
https://notcve.org/view.php?id=CVE-2019-18934
19 Nov 2019 — Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. Unbound versiones 1.6.4 hasta 1.9.4, contiene una vulnerabilidad en el módulo ipsec que puede causar una ejecución de código de shell después de recibir una respuesta especialmente diseñada. Este problema solo pued... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2019-16866 – Ubuntu Security Notice USN-4149-1
https://notcve.org/view.php?id=CVE-2019-16866
03 Oct 2019 — Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. Unbound versiones anteriores a 1.9.4, accede a la memoria no inicializada, lo que permite a atacantes remotos desencadenar un bloqueo por medio de una consulta NOTIFY diseñada. La dirección IP del origen de la consulta debe coincidir con una regla de control de acceso. X41 D-Sec discovered that unbound, a valida... • https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog • CWE-755: Improper Handling of Exceptional Conditions CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15105 – Ubuntu Security Notice USN-3673-1
https://notcve.org/view.php?id=CVE-2017-15105
23 Jan 2018 — A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. Se ha encontrado un error en la forma en la que unbound, en versiones anteriores a la 1.6.8, validaba los registros NSEC sintetizados con caracteres comodín. Un registro con caracteres comodín NSEC validado incorrectamente podría empl... • http://www.securityfocus.com/bid/102817 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 7.5EPSS: 10%CPEs: 4EXPL: 0CVE-2014-8602 – unbound: specially crafted request can lead to denial of service
https://notcve.org/view.php?id=CVE-2014-8602
11 Dec 2014 — iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. iterator.c en NLnet Labs Unbound anterior a 1.5.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un número grande o infinito de remisiones. A denial of service flaw was found in unbound that... • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.4EPSS: 0%CPEs: 37EXPL: 0CVE-2012-1192
https://notcve.org/view.php?id=CVE-2012-1192
17 Feb 2012 — The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. El resolver en Unbound anterior a v1.4.11 sobrescribe los nombres de caché del servidor y los valores TTL en los registros NS durante la tramitación de una respuesta a una consulta de registro A, permitiendo a atacantes remotos prov... • https://www.isc.org/files/imce/ghostdomain_camera.pdf •
CVSS: 7.5EPSS: 1%CPEs: 41EXPL: 0CVE-2011-4528 – Gentoo Linux Security Advisory 201311-18
https://notcve.org/view.php?id=CVE-2011-4528
20 Dec 2011 — Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response. Unbound antes de v1.4.13p2 intenta liberar memoria sin asignar durante el procesado de registros CNAME duplicados, lo que permite a servidores DNS remotos provocar una denegación de servicio (caída del demonio) a través de una respuesta modificada. Multiple Denial of Service vulnerabiliti... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 39EXPL: 0CVE-2011-4869 – Gentoo Linux Security Advisory 201311-18
https://notcve.org/view.php?id=CVE-2011-4869
20 Dec 2011 — validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528. validator/val_nsec3.c en Unbound antes de v1.4.13p2, no realiza adecuadamente el postprocesamiento de la prueba para zonas NSEC3-signed, lo que permite a servidores DNS remotos provocar una denegación de servicio (... • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2009-4008
https://notcve.org/view.php?id=CVE-2009-4008
02 Jun 2011 — Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query. Unbound, antes de v1.4.4 no envía respuestas para las zonas firmadas después de un mal manejo de una consulta no especificada, lo que permite a atacantes remotos provocar una denegación de servicio (falta de DNSSEC) a través de una consulta hecha a mano. • http://packages.debian.org/changelogs/pool/main/u/unbound/unbound_1.4.6-1/changelog • CWE-399: Resource Management Errors •