pkg:Debian/unbound

All known vulnerabilities

• CRITICAL10.0CVE-2026-42960NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.
  from 0
• CRITICAL9.8CVE-2026-33278NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…
  from 0
• CRITICAL9.8Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
  from 0, < 1.9.6-1
• CRITICAL9.8Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.
  from 0, < 1.9.6-1
• HIGH7.5NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a cras…
  from 0
• HIGH7.5NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID…
  from 0
• HIGH7.5NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of inc…
  from 0
• HIGH7.5NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could e…
  from 0
• HIGH7.5unbound - security update
  from 0, < 1.13.1-1+deb11u5
• HIGH7.5unbound - security update
  from 0, < 1.17.1-2+deb12u3
• HIGH7.5unbound - security update
  from 0, < 1.13.1-1+deb11u5
• HIGH7.5NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain…
  from 0, < 1.19.2-1
• HIGH7.5The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…
  from 0, < 1.13.1-1+deb11u2
• HIGH7.5pdns-recursor - security update
  from 0, < 1.13.1-1+deb11u2
• HIGH7.5pdns-recursor - security update
  from 0, < 1.13.1-1+deb11u2
• HIGH7.5pdns-recursor - security update
  from 0, < 1.9.0-2+deb10u4
• HIGH7.5A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software.
  from 0, < 1.13.1-1+deb11u1
• HIGH7.5Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.
  from 0, < 1.9.6-1
• HIGH7.5Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
  from 0, < 1.9.6-1
• HIGH7.5Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
  from 0, < 1.9.6-1
• HIGH7.5Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
  from 0, < 1.9.6-1
• HIGH7.5Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
  from 0, < 1.10.1-1
• HIGH7.5unbound - security update
  from 0, < 1.9.0-2+deb10u2
• HIGH7.5unbound - security update
  from 0, < 1.10.1-1
• HIGH7.5unbound - security update
  from 0, < 1.9.0-2+deb10u1
• HIGH7.5unbound - security update
  from 0, < 1.9.4-1
• HIGH7.3Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially cra…
  from 0, < 1.9.6-1
• MEDIUM6.5NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack.
  from 0, < 1.13.1-1+deb11u1
• MEDIUM6.5NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack.
  from 0, < 1.13.1-1+deb11u1
• MEDIUM5.9NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met…
  from 0
• MEDIUM5.9unbound1.9 - security update
  from 0, < 1.9.6-1
• MEDIUM5.5unbound - security update
  from 0, < 1.13.0-1
• MEDIUM5.5unbound - security update
  from 0, < 1.9.0-2+deb10u3
• MEDIUM5.3NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs t…
  from 0
• MEDIUM5.3NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negati…
  from 0
• MEDIUM5.3NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade res…
  from 0
• MEDIUM5.3NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--e…
  from 0
• MEDIUM5.3unbound - security update
  from 0, < 1.13.1-1+deb11u4
• MEDIUM5.3unbound - security update
  from 0, < 1.13.1-1+deb11u4
• MEDIUM5.3unbound - security update
  from 0, < 1.4.17-3+deb7u3
• MEDIUM5.3unbound - security update
  from 0, < 1.4.22-3+deb8u4
• MEDIUM5.3unbound - security update
  from 0, < 1.7.1-1
• MEDIUM4.8DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls w…
  from 0, < 1.13.1-1+deb11u3
• LOW2.8unbound - security update
  from 0, < 1.13.1-1+deb11u3
• LOW2.8unbound - security update
  from 0, < 1.13.1-1+deb11u3
• —unbound - security update
  from 0, < 1.22.0-2+deb13u1
• —unbound - security update
  from 0, < 1.13.1-1+deb11u7
• —unbound - security update
  from 0, < 1.13.1-1+deb11u7
• —unbound - security update
  from 0, < 1.13.1-1+deb11u6
• —A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Su…
  from 0, < 1.13.1-1+deb11u5
• —unbound - security update
  from 0, < 1.4.17-3+deb7u2
• —unbound - security update
  from 0, < 1.4.6-1+squeeze4
• —unbound - security update
  from 0, < 1.4.22-3
• —validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS…
  from 0, < 1.4.14-1
• —unbound - several
  from 0, < 1.4.6-1~lenny2
• —unbound - several
  from 0, < 1.4.14-1
• —unbound - design flaw
  from 0, < 1.4.6-1~lenny1
• —unbound - design flaw
  from 0, < 1.4.4-1
• —daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote at…
  from 0, < 1.4.10-1
• —Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (da…
  from 0, < 1.4.3-1
• —unbound - DNSSEC validation
  from 0, < 1.0.2-1+lenny1
• —unbound - DNSSEC validation
  from 0, < 1.3.4-1