cbcvebase.
CVE-2017-15105
published 2018-01-23

CVE-2017-15105: A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to…

PriorityP427medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EPSS
2.68%
83.9th percentile
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Affected

13 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianunbound< unbound 1.7.1-1 (bookworm)unbound 1.7.1-1 (bookworm)
nlnet_labsunbound
nlnetlabsunbound< 1.6.81.6.8
nlnetlabsunbound>= 0 < 1.7.1-11.7.1-1
nlnetlabsunbound>= 0 < 1.7.1-11.7.1-1
nlnetlabsunbound>= 0 < 1.7.1-11.7.1-1
nlnetlabsunbound>= 0 < 1.7.1-11.7.1-1

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.3MEDIUM
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.