PT-2011-4972 · Nlnet · Unbound
Christopher Olah
·
Published
2011-12-20
·
Updated
2012-11-06
·
CVE-2011-4528
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Unbound versions prior to 1.4.13p2
Description
The issue allows remote DNS servers to cause a denial of service, resulting in a daemon crash, by sending a crafted response with duplicate CNAME records in a signed zone. This occurs due to an attempt to free unallocated memory during the processing of such records.
Recommendations
For versions prior to 1.4.13p2, update to version 1.4.13p2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unbound