CVE-2017-15105Improperly Implemented Security Check for Standard in Unbound

CWE-358Improperly Implemented Security Check for StandardCWE-20Improper Input Validation9 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
0.7%
top 28.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Nlnetlabs UnboundNlnet Labs UnboundCanonical Ubuntu Linux+1 more
Timeline
PublishedJan 23
Latest updateMay 13

Description

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDnlnetlabs/unbound< 1.6.8
Debiannlnetlabs/unbound< 1.7.1-1+3
CVEListV5nlnet_labs/unboundbefore 1.6.8

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04, 16.04, 17.10, 18.04

Patches

Patch: unbound.netPatch: unbound.net

🔴Vulnerability Details

3
GHSA
GHSA-8hp4-8fgw-m69h: A flaw was found in the way unbound before 12022-05-13
OSV
CVE-2017-15105: A flaw was found in the way unbound before 12018-01-23
CVEList
CVE-2017-15105: A flaw was found in the way unbound before 12018-01-23

📋Vendor Advisories

3
Ubuntu
Unbound vulnerability2018-06-07
Red Hat
unbound: Improper validation of wildcard synthesized NSEC records2018-01-19
Debian
CVE-2017-15105: unbound - A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized ...2017

💬Community

2
Bugzilla
CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records [fedora-all]2018-01-19
Bugzilla
CVE-2017-15105 unbound: Improper validation of wildcard synthesized NSEC records2017-10-27
CVE-2017-15105 — Nlnetlabs Unbound vulnerability | cvebase