This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Nlnetlabs
Product: Unbound
Version: 1.2.0
Type: Application
First view: 2009-10-13
Last view: 2020-05-19
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
 
CPE Product cpe:2.3:a:nlnetlabs:unbound

Activity : Overall

Related : CVE

Score Date Alert Description
7.5 2020-05-19 CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

7.5 2020-05-19 CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.3 2019-11-19 CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

7.5 2019-10-03 CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

5.3 2018-01-23 CVE-2017-15105

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

4.3 2014-12-10 CVE-2014-8602

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

5 2011-06-02 CVE-2009-4008

Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.

4.3 2011-05-31 CVE-2011-1922

daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.

5 2010-03-16 CVE-2010-0969

Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

7.5 2009-10-13 CVE-2009-3602

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

CWE : Common Weakness Enumeration

% id Name
44% (4) CWE-399 Resource Management Errors
22% (2) CWE-20 Improper Input Validation
11% (1) CWE-755 Improper Handling of Exceptional Conditions
11% (1) CWE-674 Uncontrolled Recursion
11% (1) CWE-310 Cryptographic Issues

Open Source Vulnerability Database (OSVDB)

id Description
73253 Unbound Signed Zone Query Response DNSSEC Outage Remote DoS
72750 Unbound daemon/worker.c DNS Request Error Handling Remote DoS
62903 Unbound on 64-bit Memory Alignment Remote DoS
58836 Unbound NSEC3 Record Signature Check Validation Bypass

OpenVAS Exploits

id Description
2012-02-12 Name : Gentoo Security Advisory GLSA 201110-12 (unbound)
File : nvt/glsa_201110_12.nasl
2012-01-09 Name : Fedora Update for unbound FEDORA-2011-17337
File : nvt/gb_fedora_2011_17337_unbound_fc15.nasl
2011-08-03 Name : Debian Security Advisory DSA 2243-1 (unbound)
File : nvt/deb_2243_1.nasl
2011-08-03 Name : FreeBSD Ports: unbound
File : nvt/freebsd_unbound.nasl
2011-06-10 Name : Fedora Update for unbound FEDORA-2011-7555
File : nvt/gb_fedora_2011_7555_unbound_fc14.nasl
2011-06-03 Name : Unbound DNS Resolver Remote Denial of Service Vulnerability
File : nvt/gb_unbound_47986.nasl
2010-03-15 Name : Unbound 'sock_list' Structure Allocation Remote Denial Of Service Vulnerability
File : nvt/gb_unbound_38701.nasl
2010-01-04 Name : Unbound DNS Server NSEC3 Signature Verification DNS Spoofing Vulnerability
File : nvt/unbound_37459.nasl
2009-12-30 Name : Debian Security Advisory DSA 1963-1 (unbound)
File : nvt/deb_1963_1.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a10a19e06a.nasl - Type: ACT_GATHER_INFO
2018-01-31 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69316c5b7a.nasl - Type: ACT_GATHER_INFO
2018-01-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1264.nasl - Type: ACT_GATHER_INFO
2018-01-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8d3bae09fd2811e795f2005056925db4.nasl - Type: ACT_GATHER_INFO
2016-01-12 Name: The remote name server is affected by a denial of service vulnerability.
File: unbound_1_5_1.nasl - Type: ACT_GATHER_INFO
2015-12-22 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20151119_unbound_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2015-12-02 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2015-2455.nasl - Type: ACT_GATHER_INFO
2015-11-24 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2015-2455.nasl - Type: ACT_GATHER_INFO
2015-11-20 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2015-2455.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-107.nasl - Type: ACT_GATHER_INFO
2015-01-27 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-2484-1.nasl - Type: ACT_GATHER_INFO
2014-12-26 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-800.nasl - Type: ACT_GATHER_INFO
2014-12-26 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL15931.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16671.nasl - Type: ACT_GATHER_INFO
2014-12-22 Name: The remote Fedora host is missing a security update.
File: fedora_2014-16647.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3097.nasl - Type: ACT_GATHER_INFO
2014-12-09 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_10d735297f4b11e4af6600215af774f0.nasl - Type: ACT_GATHER_INFO
2011-10-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201110-12.nasl - Type: ACT_GATHER_INFO
2011-06-10 Name: The remote name server is affected by a denial of service vulnerability.
File: unbound_1_4_4.nasl - Type: ACT_GATHER_INFO
2011-06-10 Name: The remote name server is affected by a denial of service vulnerability.
File: unbound_1_4_10.nasl - Type: ACT_GATHER_INFO
2011-06-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2243.nasl - Type: ACT_GATHER_INFO
2011-06-07 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7555.nasl - Type: ACT_GATHER_INFO
2011-05-31 Name: The remote Fedora host is missing a security update.
File: fedora_2011-7540.nasl - Type: ACT_GATHER_INFO
2011-05-26 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_dc96ac1f86b111e09e8500215af774f0.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1963.nasl - Type: ACT_GATHER_INFO