Yuxiao Wu

**Name of the Vulnerable Software and Affected Versions** NLnet Labs Unbound versions up to and including 1.24.0 **Description** Unbound is susceptible to domain hijack attacks through the manipulation of DNS responses. Specifically, maliciously crafted NS Resource Record Sets (RRSets) included in replies can cause the resolver to update its delegation information, potentially leading to a zone transfer. An attacker could exploit this by injecting NS RRSets, possibly through packet spoofing or fragmentation attacks, causing Unbound to update its existing NS RRSet data due to the perceived trustworthiness of the injected information. **Recommendations** Update to version 1.24.1 or later.

**Name of the Vulnerable Software and Affected Versions** PowerDNS Recursor versions prior to 5.2.6-0+deb13u1 **Description** Insufficient validation of delegation information could lead to cache pollution in PowerDNS Recursor, a resolving name server. Updates will not be backported to the version of PDNS recursor in the oldstable distribution (bookworm). **Recommendations** Upgrade pdns-recursor packages to version 5.2.6-0+deb13u1. For affected setups, an update to Debian stable/trixie is recommended.

**Name of the Vulnerable Software and Affected Versions** PDNS Recursor versions prior to 5.2.6-0+deb13u1 **Description** Insufficient validation of delegation information could lead to cache pollution in PDNS Recursor, a resolving name server. The changes required to address this are too extensive to backport to the version of PDNS Recursor included in the oldstable distribution (bookworm). **Recommendations** Upgrade pdns-recursor packages to version 5.2.6-0+deb13u1 or later. For affected setups using the oldstable distribution (bookworm), upgrade to Debian stable/trixie.