cbcvebase.
CVE-2014-8602
published 2014-12-11

CVE-2014-8602: iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU…

PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
25.20%
97.7th percentile
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

Affected

9 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianunbound< unbound 1.4.22-3 (bookworm)unbound 1.4.22-3 (bookworm)
nlnetlabsunbound<= 1.5.0
nlnetlabsunbound>= 0 < 1.4.22-31.4.22-3
nlnetlabsunbound>= 0 < 1.4.22-31.4.22-3
nlnetlabsunbound>= 0 < 1.4.22-31.4.22-3
nlnetlabsunbound>= 0 < 1.4.22-31.4.22-3

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.