Unbound

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-14	CVE-2023-50387	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. network low complexity redhat microsoft fedoraproject thekelleys nic powerdns isc nlnetlabs CWE-770	7.5
2022-09-26	CVE-2022-3204	Resource Exhaustion vulnerability in multiple products A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. network low complexity nlnetlabs fedoraproject CWE-400	7.5
2022-08-01	CVE-2022-30698	Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. network low complexity nlnetlabs fedoraproject CWE-613	6.5
2022-08-01	CVE-2022-30699	Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. network low complexity nlnetlabs fedoraproject CWE-613	6.5
2021-04-27	CVE-2019-25041	Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. network low complexity nlnetlabs debian CWE-617	7.5
2021-04-27	CVE-2019-25039	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25034	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25032	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25042	Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. network low complexity nlnetlabs debian CWE-787 critical	9.8
2021-04-27	CVE-2019-25040	Infinite Loop vulnerability in multiple products Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. network low complexity nlnetlabs debian CWE-835	7.5