CVE-2014-8602: Allocation of Resources Without Limits or Throttling in Unbound

Severity
4.3 MEDIUM (NVD)
EPSS
7.6%
top 8.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 11
Latest update: May 17

Description

iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Debian: nlnetlabs/unbound < 1.4.22-3+3

Also affects: Debian Linux 7.0, Ubuntu Linux 14.04, 14.10

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-rmpj-rcj8-qh82: iterator (2022-05-17)
CVEList
CVE-2014-8602: iterator (2014-12-11)
OSV
CVE-2014-8602: iterator (2014-12-11)

📋 Vendor Advisories

4
Ubuntu
Unbound vulnerability (2015-01-26)
BSD
FreeBSD-SA-14:30.unbound: unbound remote denial of service vulnerability (2014-12-17)
Red Hat
unbound: specially crafted request can lead to denial of service (2014-12-08)
Debian
CVE-2014-8602: unbound - iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining... (2014)

💬 Community

3
Bugzilla
CVE-2014-8602 unbound: specially crafted request can lead to denial of service (2014-12-09)
Bugzilla
CVE-2014-8602 unbound: specially crafted request can lead to denial of service [fedora-all] (2014-12-09)
Bugzilla
CVE-2014-8602 unbound: specially crafted request can lead to denial of service [epel-all] (2014-12-09)