CVE-2009-3602Unbound vulnerability

CWE-3105 documents5 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nlnetlabs Unbound
Timeline
PublishedOct 13
Latest updateMay 2

Description

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debiannlnetlabs/unbound< 1.3.4-1+3
NVDnlnetlabs/unbound1.3.3+24

🔴Vulnerability Details

3
GHSA
GHSA-3xrf-3v7w-582w: Unbound before 12022-05-02
OSV
CVE-2009-3602: Unbound before 12009-10-13
CVEList
CVE-2009-3602: Unbound before 12009-10-13

📋Vendor Advisories

1
Debian
CVE-2009-3602: unbound - Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, whic...2009
CVE-2009-3602 — Nlnetlabs Unbound vulnerability | cvebase