Vulnerabilities > Nlnetlabs > Unbound

DATE CVE VULNERABILITY TITLE RISK
2021-04-27 CVE-2019-25033 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
network
low complexity
nlnetlabs debian CWE-190
critical
9.8
2021-04-27 CVE-2019-25038 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
network
low complexity
nlnetlabs debian CWE-190
critical
9.8
2021-04-27 CVE-2019-25037 Reachable Assertion vulnerability in multiple products
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
network
low complexity
nlnetlabs debian CWE-617
7.5
2021-04-27 CVE-2019-25036 Reachable Assertion vulnerability in multiple products
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
network
low complexity
nlnetlabs debian CWE-617
7.5
2021-04-27 CVE-2019-25035 Out-of-bounds Write vulnerability in multiple products
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
network
low complexity
nlnetlabs debian CWE-787
critical
9.8
2021-04-27 CVE-2019-25031 Injection vulnerability in multiple products
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
network
high complexity
nlnetlabs debian CWE-74
5.9
2020-12-07 CVE-2020-28935 Link Following vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack.
local
low complexity
nlnetlabs debian CWE-59
5.5
2020-11-27 CVE-2020-10772 Resource Exhaustion vulnerability in Nlnetlabs Unbound 1.6.65
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414.
network
low complexity
nlnetlabs CWE-400
7.5
2020-05-19 CVE-2020-12663 Infinite Loop vulnerability in multiple products
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5
2020-05-19 CVE-2020-12662 Resource Exhaustion vulnerability in multiple products
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.
7.5