cvebase

Nlnetlabs Unbound vulnerabilities

49 known vulnerabilities affecting nlnetlabs/unbound.

Total CVEs: 49
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 20, MEDIUM 19, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2019-25041 | P3 | HIGH | CVSS 7.5 | fixed in 1.9.5 | 2021-04-27
CWE-617: Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Sources: nvd, osv
CVE-2019-25040 | P3 | HIGH | CVSS 7.5 | fixed in 1.9.5 | 2021-04-27
CWE-835: Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Sources: nvd, osv
CVE-2024-33655 | P3 | HIGH | CVSS 7.5 | ≥ 0, < 1.13.1-1+deb11u5; ≥ 0, < 1.17.1-2+deb12u3; +1 more | 2024-06-06
The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb"
Source: osv
CVE-2020-12663 | P3 | HIGH | CVSS 7.5 | fixed in 1.10.1 | 2020-05-19
CWE-835: Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
Sources: nvd, osv
CVE-2020-10772 | P3 | HIGH | CVSS 7.5 | v1.6.6-5; vunbound-1.6.6-5.el7_8 | 2020-11-27
CWE-406: An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned e
Source: nvd
CVE-2022-3204 | P3 | HIGH | CVSS 7.5 | ≤ 1.16.2 | 2022-09-26
CWE-400: A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by querying a resolver for a record that relies on those unresponsive nameservers.
Sources: nvd, osv
CVE-2019-25037 | P3 | HIGH | CVSS 7.5 | fixed in 1.9.5 | 2021-04-27
CWE-617: Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Sources: nvd, osv
CVE-2019-25036 | P3 | HIGH | CVSS 7.5 | fixed in 1.9.5 | 2021-04-27
CWE-617: Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Sources: nvd, osv
CVE-2022-30699 | P3 | MEDIUM | CVSS 6.5 | fixed in 1.16.2 | 2022-08-01
CWE-613: NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation
Sources: nvd, osv
CVE-2009-3602 | P4 | HIGH | CVSS 7.5 | ≤ 1.3.3; v0.0; +23 more | 2009-10-13
CWE-310: Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Sources: nvd, osv
CVE-2022-30698 | P4 | MEDIUM | CVSS 6.5 | fixed in 1.16.2 | 2022-08-01
CWE-613: NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. Th
Sources: nvd, osv
CVE-2014-8602 | P4 | MEDIUM | CVSS 4.3 | ≤ 1.5.0 | 2014-12-11
CWE-399: iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Sources: nvd, osv
CVE-2026-44390 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.25.1 | 2026-05-20
NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstream responses with very large RRsets with records that don't share a suffix above the root can cause Unbound to spend a considerable time applying name compression to downst
Source: nvd
CVE-2011-4869 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 1.4.14-1 | 2011-12-20
validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.
Source: osv
CVE-2026-44608 | P4 | MEDIUM | CVSS 5.9 | ≥ 1.14.0, < 1.25.1 | 2026-05-20
CWE-413: NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with 'rpz-nsip'/'rpz-nsdname' triggers) it could result in heap use-after-free and eventual crash. An adversary can exploit the vulnerability if conditions are first met
Source: nvd
CVE-2026-42534 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.25.1 | 2026-05-20
CWE-440: NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow running queries and not allow the jostle logic to see them as aged and potential targets for replacement with new queries. An adversa
Source: nvd
CVE-2019-25031 | P4 | MEDIUM | CVSS 5.9 | fixed in 1.9.5 | 2021-04-27
CWE-74: Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configurati
Sources: nvd, osv
CVE-2026-32792 | P4 | MEDIUM | CVSS 5.3 | ≥ 1.6.2, < 1.25.1 | 2026-05-20
CWE-125: NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query
Source: nvd
CVE-2025-11411 | P4 | MEDIUM | CVSS 5.7 | ≥ 0, < 1.13.1-1+deb11u7; ≥ 0, < 1.17.1-2+deb12u4; +2 more | 2025-10-22
NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible pois
Source: osv
CVE-2024-8508 | P4 | MEDIUM | CVSS 5.3 | fixed in 1.21.1 | 2024-10-03
CWE-606: NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstream responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded perform
Sources: nvd, osv