Vulnerabilities > Nlnetlabs > Unbound > 0.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-27 | CVE-2019-25033 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. | 9.8 |
| 2021-04-27 | CVE-2019-25038 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. | 9.8 |
| 2021-04-27 | CVE-2019-25037 | Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. | 7.5 |
| 2021-04-27 | CVE-2019-25036 | Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. | 7.5 |
| 2021-04-27 | CVE-2019-25035 | Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. | 9.8 |
| 2021-04-27 | CVE-2019-25031 | Injection vulnerability in multiple products Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | 5.9 |
| 2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |
| 2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
| 2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
| 2019-10-03 | CVE-2019-16866 | Use of Uninitialized Resource vulnerability in multiple products Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. | 7.5 |