1.6.4

DATE	CVE	VULNERABILITY TITLE	RISK
2024-02-14	CVE-2023-50387	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. network low complexity redhat microsoft fedoraproject thekelleys nic powerdns isc nlnetlabs CWE-770	7.5
2021-04-27	CVE-2019-25041	Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. network low complexity nlnetlabs debian CWE-617	7.5
2021-04-27	CVE-2019-25039	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25034	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25032	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25042	Out-of-bounds Write vulnerability in multiple products Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. network low complexity nlnetlabs debian CWE-787 critical	9.8
2021-04-27	CVE-2019-25040	Infinite Loop vulnerability in multiple products Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. network low complexity nlnetlabs debian CWE-835	7.5
2021-04-27	CVE-2019-25033	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25038	Integer Overflow or Wraparound vulnerability in multiple products Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. network low complexity nlnetlabs debian CWE-190 critical	9.8
2021-04-27	CVE-2019-25037	Reachable Assertion vulnerability in multiple products Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. network low complexity nlnetlabs debian CWE-617	7.5