Vulnerabilities > Nlnetlabs > Unbound

DATE CVE VULNERABILITY TITLE RISK
2024-02-14 CVE-2023-50387 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue.
7.5
2022-09-26 CVE-2022-3204 Resource Exhaustion vulnerability in multiple products
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software.
network
low complexity
nlnetlabs fedoraproject CWE-400
7.5
2022-08-01 CVE-2022-30698 Insufficient Session Expiration vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack.
network
low complexity
nlnetlabs fedoraproject CWE-613
6.5
2022-08-01 CVE-2022-30699 Insufficient Session Expiration vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack.
network
low complexity
nlnetlabs fedoraproject CWE-613
6.5
2021-04-27 CVE-2019-25041 Reachable Assertion vulnerability in multiple products
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-617
7.5
2021-04-27 CVE-2019-25039 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
network
low complexity
nlnetlabs debian CWE-190
critical
9.8
2021-04-27 CVE-2019-25034 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
network
low complexity
nlnetlabs debian CWE-190
critical
9.8
2021-04-27 CVE-2019-25032 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
network
low complexity
nlnetlabs debian CWE-190
critical
9.8
2021-04-27 CVE-2019-25042 Out-of-bounds Write vulnerability in multiple products
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
network
low complexity
nlnetlabs debian CWE-787
critical
9.8
2021-04-27 CVE-2019-25040 Infinite Loop vulnerability in multiple products
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-835
7.5