This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nlnetlabs First view 2018-01-23
Product Unbound Last view 2020-05-19
Version 1.6.0 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:nlnetlabs:unbound

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-05-19 CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

7.5 2020-05-19 CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.3 2019-11-19 CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

7.5 2019-10-03 CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

5.3 2018-01-23 CVE-2017-15105

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

CWE : Common Weakness Enumeration

%idName
50% (2) CWE-20 Improper Input Validation
25% (1) CWE-755 Improper Handling of Exceptional Conditions
25% (1) CWE-674 Uncontrolled Recursion

Nessus® Vulnerability Scanner

id Description
2018-02-07 Name: The remote Fedora host is missing a security update.
File: fedora_2018-a10a19e06a.nasl - Type: ACT_GATHER_INFO
2018-01-31 Name: The remote Debian host is missing a security update.
File: debian_DLA-1264.nasl - Type: ACT_GATHER_INFO
2018-01-31 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69316c5b7a.nasl - Type: ACT_GATHER_INFO
2018-01-22 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_8d3bae09fd2811e795f2005056925db4.nasl - Type: ACT_GATHER_INFO