Vulnerabilities > Nlnetlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-11 | CVE-2014-8602 | Resource Management Errors vulnerability in multiple products iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | 4.3 |
| 2014-11-16 | CVE-2014-3209 | Permissions, Privileges, and Access Controls vulnerability in Nlnetlabs Ldns The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | 2.1 |
| 2012-07-27 | CVE-2012-2978 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nlnetlabs NSD query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet. | 5.0 |
| 2011-11-04 | CVE-2011-3581 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nlnetlabs Ldns Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. | 6.8 |
| 2011-06-02 | CVE-2009-4008 | Resource Management Errors vulnerability in Nlnetlabs Unbound Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query. | 5.0 |
| 2011-05-31 | CVE-2011-1922 | Resource Management Errors vulnerability in Nlnetlabs Unbound daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling. | 4.3 |
| 2010-03-16 | CVE-2010-0969 | Resource Management Errors vulnerability in Nlnetlabs Unbound Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 5.0 |
| 2009-10-13 | CVE-2009-3602 | Cryptographic Issues vulnerability in Nlnetlabs Unbound Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. | 7.5 |
| 2009-05-22 | CVE-2009-1755 | Numeric Errors vulnerability in Nlnetlabs NSD Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow. | 5.0 |
| 2009-03-25 | CVE-2009-1086 | Resource Management Errors vulnerability in Nlnetlabs Ldns 1.4.0/1.4.1 Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field. | 6.4 |