MidnightBSD

Advisories for unbound

CVE-2011-4528 MEDIUM

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
unbound unbound 0.09
unbound unbound 1.4.1
unbound unbound 1.4.7
unbound unbound 0.2
unbound unbound 1.2.0
unbound unbound 0.3
unbound unbound 1.0.2
unbound unbound 0.7
unbound unbound 1.4.6
unbound unbound 0.1
unbound unbound 0.6
unbound unbound 1.4.2
unbound unbound 0.7.1
unbound unbound 1.4.9
unbound unbound 1.0.1
unbound unbound 1.4.10
unbound unbound 1.4.14
unbound unbound 0.8
unbound unbound 0.11
unbound unbound 1.2.1
unbound unbound 1.4.11
unbound unbound 1.4.0
unbound unbound 1.4.12
unbound unbound 1.4.3
unbound unbound *
unbound unbound 0.5
unbound unbound 1.3.2
unbound unbound 1.4.5
unbound unbound 0.0
unbound unbound 1.4.4
unbound unbound 0.10
unbound unbound 1.3.1
unbound unbound 1.1.0
unbound unbound 1.1.1
unbound unbound 0.7.2
unbound unbound 1.0.0
unbound unbound 0.4
unbound unbound 1.3.0
unbound unbound 1.3.4
unbound unbound 1.4.8
unbound unbound 1.3.3
CVE-2011-4869 HIGH

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
unbound unbound 0.09
unbound unbound 1.4.1
unbound unbound 1.4.7
unbound unbound 0.2
unbound unbound 1.2.0
unbound unbound 0.3
unbound unbound 1.0.2
unbound unbound 0.7
unbound unbound 1.4.6
unbound unbound 0.1
unbound unbound 0.6
unbound unbound 1.4.2
unbound unbound 0.7.1
unbound unbound 1.4.9
unbound unbound 1.0.1
unbound unbound 1.4.10
unbound unbound 0.8
unbound unbound 0.11
unbound unbound 1.2.1
unbound unbound 1.4.11
unbound unbound 1.4.0
unbound unbound 1.4.3
unbound unbound *
unbound unbound 0.5
unbound unbound 1.3.2
unbound unbound 1.4.5
unbound unbound 0.0
unbound unbound 1.4.4
unbound unbound 0.10
unbound unbound 1.3.1
unbound unbound 1.1.0
unbound unbound 1.1.1
unbound unbound 0.7.2
unbound unbound 1.0.0
unbound unbound 0.4
unbound unbound 1.3.0
unbound unbound 1.3.4
unbound unbound 1.4.8
unbound unbound 1.3.3
CVE-2012-1192 MEDIUM

The resolver in Unbound before 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
unbound unbound 1.4.1
unbound unbound 1.4.7
unbound unbound 0.2
unbound unbound 1.2.0
unbound unbound 0.3
unbound unbound 1.0.2
unbound unbound 0.9
unbound unbound 0.7
unbound unbound 1.4.6
unbound unbound 0.1
unbound unbound 0.6
unbound unbound 1.4.2
unbound unbound 0.7.1
unbound unbound 1.4.9
unbound unbound 1.0.1
unbound unbound 0.8
unbound unbound 0.11
unbound unbound 1.2.1
unbound unbound 1.4.0
unbound unbound 1.4.3
unbound unbound *
unbound unbound 0.5
unbound unbound 1.3.2
unbound unbound 1.4.5
unbound unbound 0.0
unbound unbound 1.4.4
unbound unbound 0.10
unbound unbound 1.3.1
unbound unbound 1.1.0
unbound unbound 1.1.1
unbound unbound 0.7.2
unbound unbound 1.0.0
unbound unbound 0.4
unbound unbound 1.3.0
unbound unbound 1.3.4
unbound unbound 1.4.8
unbound unbound 1.3.3