Vulnerabilities > Nlnetlabs > Unbound
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-03 | CVE-2024-8508 | Improper Validation of Specified Quantity in Input vulnerability in multiple products NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. | 5.3 |
| 2024-03-07 | CVE-2024-1931 | Infinite Loop vulnerability in multiple products NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. | 7.5 |
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2022-09-26 | CVE-2022-3204 | Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. | 7.5 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2021-04-27 | CVE-2019-25041 | Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. | 7.5 |
| 2021-04-27 | CVE-2019-25039 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. | 9.8 |
| 2021-04-27 | CVE-2019-25034 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. | 9.8 |
| 2021-04-27 | CVE-2019-25032 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. | 9.8 |