Karst Koymans

Name of the Vulnerable Software and Affected Versions: unbound versions prior to 1.6.8 Description: A flaw was found in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence of an existing wildcard record, or trick unbound into accepting a NODATA proof. Recommendations: For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of wildcard NSEC records until a patch is available.