CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13207
https://notcve.org/view.php?id=CVE-2019-13207
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. nsd-checkzone en NLnet Labs NSD versión 4.2.0 tiene un Desbordamiento de búfer basado en pila en la función dname_concatenate () en dname.c. • https://github.com/NLnetLabs/nsd/issues/20 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FDS4H7WVHQGCX3LF72F5K22VJXN7HDBB • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15105
https://notcve.org/view.php?id=CVE-2017-15105
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. Se ha encontrado un error en la forma en la que unbound, en versiones anteriores a la 1.6.8, validaba los registros NSEC sintetizados con caracteres comodín. Un registro con caracteres comodín NSEC validado incorrectamente podría emplearse para probar la falta (respuesta NXDOMAIN) de un registro de caracteres comodín, o engañar a unbound para que acepte una prueba NODATA. • http://www.securityfocus.com/bid/102817 https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html https://unbound.net/downloads/CVE-2017-15105.txt https://usn.ubuntu.com/3673-1 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000232
https://notcve.org/view.php?id=CVE-2017-1000232
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. Una vulnerabilidad de doble liberación (double free) en str2host.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000231
https://notcve.org/view.php?id=CVE-2017-1000231
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. Una vulnerabilidad de doble liberación (double free) en parse.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 • CWE-415: Double Free •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-6173
https://notcve.org/view.php?id=CVE-2016-6173
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. NSD en versiones anteriores a 4.1.11 permite a servidores DNS maestros remotos provocar una denegación de servicio (/tmp consumo de disco y caída del servidor esclavo) a través de una trasferencia de zona con datos ilimitados.. • http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES http://www.openwall.com/lists/oss-security/2016/07/06/3 http://www.openwall.com/lists/oss-security/2016/07/06/4 http://www.securityfocus.com/bid/91678 https://github.com/sischkg/xfer-limit/blob/master/README.md https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html https://www.nlnetlabs.nl/bugs-script/show • CWE-399: Resource Management Errors •