CVSS: 4.3EPSS: 59%CPEs: 4EXPL: 0CVE-2014-8602 – unbound: specially crafted request can lead to denial of service
https://notcve.org/view.php?id=CVE-2014-8602
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. iterator.c en NLnet Labs Unbound anterior a 1.5.1 no limita el encadenamiento de la delegación, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un número grande o infinito de remisiones. A denial of service flaw was found in unbound that an attacker could use to trick the unbound resolver into following an endless loop of delegations, consuming an excessive amount of resources. • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://unbound.net/downloads/patch_cve_2014_8602.diff http://www.debian.org/security/2014/dsa-3097 http://www.kb.cert.org/vuls/id/264212 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/71589 http://www.ubuntu.com/usn/USN-2484-1 https://unbound.net/downloads/CVE-2014-8602.txt https://access.redhat.com/security/cve/CVE-2014-8602 https:/ • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3209
https://notcve.org/view.php?id=CVE-2014-3209
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. La herramienta Idns-keygen en Idns 1.6.x utiliza la umask actual para configurar los privilegios de la clave privada, lo que podría permitir a usuarios locales obtener la clave privada mediante la lectura del archivo. • http://www.openwall.com/lists/oss-security/2014/05/03/2 http://www.openwall.com/lists/oss-security/2014/05/05/4 http://www.securityfocus.com/bid/67200 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758 https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 2%CPEs: 21EXPL: 0CVE-2012-2978
https://notcve.org/view.php?id=CVE-2012-2978
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet. query.c en NSD v3.0.x hasta v3.0.8, v3.1.x hasta v3.1.1, y v3.2.x antes de v3.2.12 permite a atacantes remotos causar una denegación de servicio (eliminar la referencia del puntero NULL y caída en un proceso hijo) a través de un paquete DNS modificado. • http://osvdb.org/84097 http://secunia.com/advisories/49795 http://secunia.com/advisories/49997 http://www.debian.org/security/2012/dsa-2515 http://www.kb.cert.org/vuls/id/624931 http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt http://www.securityfocus.com/bid/54606 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 13%CPEs: 26EXPL: 0CVE-2011-3581
https://notcve.org/view.php?id=CVE-2011-3581
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. Desboramiento de buffer basado en memoria dinámica en la función ldns_rr_new_frm_str_internal en ldns antes de v1.6.11, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de un Resource Record (RR) con una entrada que contiene un tipo desconocido más largo del tamaño especificado • http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog http://seclists.org/oss-sec/2011/q3/503 http://seclists.org/oss-sec/2011/q3/542 http://secunia.com/advisories&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 22EXPL: 0CVE-2011-1922
https://notcve.org/view.php?id=CVE-2011-1922
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling. daemon/worker.c de Unbound 1.x anteriores a 1.4.10, cuando la funcionalidad de depuración de errores ("debugging") y la opción de "interface-automatic" están activadas, permite a atacantes remotos provocar una denegación de servicio (fallo en aserción y finalización del demonio) a través de una petición DNS modificada que provoca un manejo de error incorrecto. • http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html http://osvdb.org/72750 http://secunia.com/advisories/44865 http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt http://www.kb.cert.org/vuls/id/531342 http://www.securityfocus.com/bid/47986 https://exchange.xforce.ibmcloud.com/vulnerabilities/67645 • CWE-399: Resource Management Errors •