Nlnetlabs Unbound vulnerabilities
49 known vulnerabilities affecting nlnetlabs/unbound.
Total CVEs
49
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL9HIGH20MEDIUM19LOW1
Vulnerabilities
Page 1 of 3
CVE-2023-50387P3HIGHCVSS 7.5fixed in 1.19.12024-02-14
CVE-2023-50387 [HIGH] CWE-770 CVE-2023-50387: Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow r
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an al
nvdosv
CVE-2023-50868P3HIGHCVSS 7.5≥ 0, < 1.13.1-1+deb11u2≥ 0, < 1.17.1-2+deb12u2+1 more2024-02-14
CVE-2023-50868 [HIGH] CVE-2023-50868: The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of ser
The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that a
osv
CVE-2026-33278P2CRITICALCVSS 9.8≥ 1.19.1, < 1.25.12026-05-20
CVE-2026-33278 [CRITICAL] CWE-416 CVE-2026-33278: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC valid
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone
nvd
CVE-2026-42960P3CRITICALCVSS 10.0fixed in 1.25.12026-05-20
CVE-2026-42960 [CRITICAL] CVE-2026-42960: NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous rec
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack
nvd
CVE-2019-25034P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25034 [CRITICAL] CWE-190 CVE-2019-25034: Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an ou
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25042P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25042 [CRITICAL] CWE-787 CVE-2019-25042: Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The ve
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25035P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25035 [CRITICAL] CWE-787 CVE-2019-25035: Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor dispute
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25032P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25032 [CRITICAL] CWE-190 CVE-2019-25032: Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE:
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25038P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25038 [CRITICAL] CWE-190 CVE-2019-25038: Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE:
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25039P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25039 [CRITICAL] CWE-190 CVE-2019-25039: Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2019-25033P3CRITICALCVSS 9.8fixed in 1.9.52021-04-27
CVE-2019-25033 [CRITICAL] CWE-190 CVE-2019-25033: Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NO
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
nvdosv
CVE-2026-42944P3HIGHCVSS 7.5≥ 1.14.0, < 1.25.12026-05-20
CVE-2026-42944 [HIGH] CWE-197 CVE-2026-42944: NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in hea
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversa
nvd
CVE-2025-5994P3HIGHCVSS 8.7≥ 0, < 1.13.1-1+deb11u5≥ 0, < 1.17.1-2+deb12u3+1 more2025-07-16
CVE-2025-5994 [HIGH] CVE-2025-5994: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS)
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name serv
osv
CVE-2019-18934P3HIGHCVSS 7.3≥ 1.6.4, ≤ 1.9.42019-11-19
CVE-2019-18934 [HIGH] CWE-78 CVE-2019-18934: Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code ex
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
nvdosv
CVE-2026-40622P3HIGHCVSS 7.5≥ 1.16.2, < 1.25.12026-05-20
CVE-2026-40622 [HIGH] CWE-346 CVE-2026-40622: NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domai
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a (ghost) zone and be able to query a vulnerable Unbound. A singl
nvd
CVE-2019-16866P3HIGHCVSS 7.5fixed in 1.9.42019-10-03
CVE-2019-16866 [HIGH] CWE-755 CVE-2019-16866: Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
nvdosv
CVE-2024-1931P3HIGHCVSS 7.5≥ 1.18.0, < 1.19.22024-03-07
CVE-2024-1931 [HIGH] CWE-835 CVE-2024-1931: NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that ca
NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records
nvdosv
CVE-2026-42959P3HIGHCVSS 7.5fixed in 1.25.12026-05-20
CVE-2026-42959 [HIGH] CWE-824 CVE-2026-42959: NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the D
NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could inc
nvd
CVE-2026-41292P3HIGHCVSS 7.5fixed in 1.25.12026-05-20
CVE-2026-41292 [HIGH] CWE-407 CVE-2026-41292: NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service atta
NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can res
nvd
CVE-2020-12662P3HIGHCVSS 7.5fixed in 1.10.12020-05-19
CVE-2020-12662 [HIGH] CWE-400 CVE-2020-12662: Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
nvdosv
1 / 3Next →