Vulnerabilities > Nlnetlabs > Unbound > 1.4.13
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
2021-04-27 | CVE-2019-25041 | Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. | 7.5 |
2021-04-27 | CVE-2019-25039 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. | 9.8 |
2021-04-27 | CVE-2019-25034 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. | 9.8 |
2021-04-27 | CVE-2019-25032 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. | 9.8 |
2021-04-27 | CVE-2019-25042 | Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. | 9.8 |
2021-04-27 | CVE-2019-25040 | Infinite Loop vulnerability in multiple products Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. | 7.5 |
2021-04-27 | CVE-2019-25033 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. | 9.8 |
2021-04-27 | CVE-2019-25038 | Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. | 9.8 |
2021-04-27 | CVE-2019-25037 | Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. | 7.5 |