This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Nlnetlabs First view 2019-10-03
Product Unbound Last view 2020-05-19
Version 1.8.1 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:nlnetlabs:unbound

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-05-19 CVE-2020-12663

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.

7.5 2020-05-19 CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

7.3 2019-11-19 CVE-2019-18934

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

7.5 2019-10-03 CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

CWE : Common Weakness Enumeration

%idName
33% (1) CWE-755 Improper Handling of Exceptional Conditions
33% (1) CWE-674 Uncontrolled Recursion
33% (1) CWE-20 Improper Input Validation