NLnet Labs Unbound vulnerabilities

9 known vulnerabilities affecting nlnet_labs/unbound.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 6

Vulnerabilities

CVE-2025-11411 | MEDIUM | CVSS 5.7 | CWE-349 | ≤ 1.24.1 | 2025-10-22
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's n
cvelistv5, nvd
CVE-2025-5994 | HIGH | CVSS 8.7 | CWE-349 | ≥ 1.6.2, < 1.23.0 | 2025-07-16
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-clie
cvelistv5, nvd
CVE-2024-8508 | MEDIUM | CVSS 5.3 | CWE-606 | ≤ 1.21.0 | 2024-10-03
NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded perform
cvelistv5, nvd
CVE-2024-1931 | HIGH | CVSS 7.5 | CWE-835 | ≥ 1.18.0, < 1.19.2 | 2024-03-07
NLnet Labs Unbound versions 1.18.0 up to and including 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records
cvelistv5, nvd
CVE-2022-3204 | HIGH | CVSS 7.5 | CWE-400 | ≥ unspecified, ≤ 1.16.2 | 2022-09-26
A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non-responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers.
cvelistv5, nvd
CVE-2022-30698 | MEDIUM | CVSS 6.5 | CWE-613 | ≥ unspecified, ≤ 1.16.1 | 2022-08-01
NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. Th
cvelistv5, nvd
CVE-2022-30699 | MEDIUM | CVSS 6.5 | CWE-613 | ≥ unspecified, ≤ 1.16.1 | 2022-08-01
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation
cvelistv5, nvd
CVE-2020-28935 | MEDIUM | CVSS 5.5 | CWE-59 | ≤ 1.12.0 | 2020-12-07
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an existing file for writing. In case the file was already present, they would
cvelistv5, nvd
CVE-2017-15105 | MEDIUM | CVSS 5.3 | CWE-358 | before 1.6.8 | 2018-01-23
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
cvelistv5, nvd