CVE-2011-4528 — Unbound vulnerability

CWE-3996 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

2.9%

top 13.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nlnetlabs Unbound Unbound

Timeline

PublishedDec 20

Latest updateMay 17

Description

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiannlnetlabs/unbound< 1.4.14-1+3

▶NVDunbound/unbound1.4.13+40

Patches

Patch: unbound.nlnetlabs.nl ↗Patch: www.kb.cert.org ↗Patch: unbound.nlnetlabs.nl ↗

🔴Vulnerability Details

GHSA

GHSA-q376-m379-55x8: Unbound before 1↗2022-05-17

▶

OSV

CVE-2011-4528: Unbound before 1↗2011-12-20

▶

CVEList

CVE-2011-4528: Unbound before 1↗2011-12-20

▶

📋Vendor Advisories

Debian

CVE-2011-4528: unbound - Unbound before 1.4.13p2 attempts to free unallocated memory during processing of...↗2011

▶

💬Community

Bugzilla

CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes↗2011-12-19

▶