nlnetlabs unbound
34 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
| CVE | Affected versions | Description | CVSS | Severity |
|---|---|---|---|---|
| CVE-2024-8508 | < 1.21.1 | NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that i | 5.3 | MEDIUM |
| CVE-2024-1931 | >= 1.18.0 and < 1.19.2 | NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a | 7.5 | HIGH |
| CVE-2024-1488 | < 1.19.1-2.fc40 | A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modif | 8.0 | HIGH |
| CVE-2023-50387 | < 1.19.1 | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a den | 7.5 | HIGH |
| CVE-2022-3204 | <= 1.16.2 | A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving softwa | 7.5 | HIGH |
| CVE-2022-30699 | < 1.16.2 | NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vuln | 6.5 | MEDIUM |
| CVE-2022-30698 | < 1.16.2 | NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulne | 6.5 | MEDIUM |
| CVE-2019-25042 | < 1.9.5 | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a v | 9.8 | CRITICAL |
| CVE-2019-25041 | < 1.9.5 | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a | 7.5 | HIGH |
| CVE-2019-25040 | < 1.9.5 | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vul | 7.5 | HIGH |
| CVE-2019-25039 | < 1.9.5 | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a | 9.8 | CRITICAL |
| CVE-2019-25038 | < 1.9.5 | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this | 9.8 | CRITICAL |
| CVE-2019-25037 | < 1.9.5 | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor d | 7.5 | HIGH |
| CVE-2019-25036 | < 1.9.5 | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vu | 7.5 | HIGH |
| CVE-2019-25035 | < 1.9.5 | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability | 9.8 | CRITICAL |
| CVE-2019-25034 | < 1.9.5 | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The v | 9.8 | CRITICAL |
| CVE-2019-25033 | < 1.9.5 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that t | 9.8 | CRITICAL |
| CVE-2019-25032 | < 1.9.5 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this | 9.8 | CRITICAL |
| CVE-2019-25031 | < 1.9.5 | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack aga | 5.9 | MEDIUM |
| CVE-2020-28935 | < 1.13.0 | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vul | 5.5 | MEDIUM |
| CVE-2020-10772 | all versions | An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vul | 7.5 | HIGH |
| CVE-2020-12663 | < 1.10.1 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 | HIGH |
| CVE-2020-12662 | < 1.10.1 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random s | 7.5 | HIGH |
| CVE-2019-18934 | >= 1.6.4 and <= 1.9.4 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a spec | 7.3 | HIGH |
| CVE-2019-16866 | < 1.9.4 | Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. T | 7.5 | HIGH |
| CVE-2017-15105 | < 1.6.8 | A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSE | 5.3 | MEDIUM |
| CVE-2014-8602 | <= 1.5.0 | iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial | | |
| CVE-2012-1192 | <= 1.4.10 | The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a respo | | |
| CVE-2011-4869 | <= 1.4.12 | validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows r | | |
| CVE-2011-4528 | <= 1.4.13 | Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which a | | |
| CVE-2009-4008 | <= 1.4.3 | Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attacker | | |
| CVE-2011-1922 | all versions | daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows | | |
| CVE-2010-0969 | <= 1.4.2 | Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of se | | |
| CVE-2009-3602 | <= 1.3.3 | Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegati | | |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin