CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15105
https://notcve.org/view.php?id=CVE-2017-15105
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. Se ha encontrado un error en la forma en la que unbound, en versiones anteriores a la 1.6.8, validaba los registros NSEC sintetizados con caracteres comodín. Un registro con caracteres comodín NSEC validado incorrectamente podría emplearse para probar la falta (respuesta NXDOMAIN) de un registro de caracteres comodín, o engañar a unbound para que acepte una prueba NODATA. • http://www.securityfocus.com/bid/102817 https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html https://unbound.net/downloads/CVE-2017-15105.txt https://usn.ubuntu.com/3673-1 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 4.3EPSS: 59%CPEs: 4EXPL: 0CVE-2014-8602 – unbound: specially crafted request can lead to denial of service
https://notcve.org/view.php?id=CVE-2014-8602
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. iterator.c en NLnet Labs Unbound anterior a 1.5.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un número grande o infinito de remisiones. A denial of service flaw was found in unbound that an attacker could use to trick the unbound resolver into following an endless loop of delegations, consuming an excessive amount of resources. • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://unbound.net/downloads/patch_cve_2014_8602.diff http://www.debian.org/security/2014/dsa-3097 http://www.kb.cert.org/vuls/id/264212 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/71589 http://www.ubuntu.com/usn/USN-2484-1 https://unbound.net/downloads/CVE-2014-8602.txt https://access.redhat.com/security/cve/CVE-2014-8602 https:/ • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.4EPSS: 0%CPEs: 37EXPL: 0CVE-2012-1192
https://notcve.org/view.php?id=CVE-2012-1192
The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. El resolver en Unbound anterior a v1.4.11 sobrescribe los nombres de caché del servidor y los valores TTL en los registros NS durante la tramitación de una respuesta a una consulta de registro A, permitiendo a atacantes remotos provocar la resolubilidad continuada de nombres de dominio revocados a través de un ataque de "nombres de dominio fantasma" (ghost domain names) • https://www.isc.org/files/imce/ghostdomain_camera.pdf •
CVSS: 5.0EPSS: 0%CPEs: 41EXPL: 0CVE-2011-4528
https://notcve.org/view.php?id=CVE-2011-4528
Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response. Unbound antes de v1.4.13p2 intenta liberar memoria sin asignar durante el procesado de registros CNAME duplicados, lo que permite a servidores DNS remotos provocar una denegación de servicio (caída del demonio) a través de una respuesta modificada. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html http://osvdb.org/77909 http://secunia.com/advisories/47326 http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt http://www.debian.org/security/2011/dsa-2370 http://www.kb.cert.org/vuls/id/209659 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 39EXPL: 0CVE-2011-4869
https://notcve.org/view.php?id=CVE-2011-4869
validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528. validator/val_nsec3.c en Unbound antes de v1.4.13p2, no realiza adecuadamente el postprocesamiento de la prueba para zonas NSEC3-signed, lo que permite a servidores DNS remotos provocar una denegación de servicio (caída del demonio) a través de una respuesta con formato incorrecto que carece de registros NSEC3 esperados. Una vulnerabilidad diferente de CVE-2011-4528. • http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071525.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071535.html http://osvdb.org/77910 http://secunia.com/advisories/47326 http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt http://www.debian.org/security/2011/dsa-2370 http://www.kb.cert.org/vuls/id/209659 https://exchange.xforce.ibmcloud.com/vulnerabilities/71868 • CWE-399: Resource Management Errors •