PT-2026-42124 · Nlnet+3 · Unbound+3
Andrew Griffiths
·
Published
2026-05-20
·
Updated
2026-06-18
·
CVE-2026-32792
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions 1.6.2 through 1.25.0
Description
A denial of service issue exists when the software is compiled with DNSCrypt support using the
--enable-dnscrypt flag. A specially crafted DNSCrypt query, where the decrypted plaintext consists entirely of 0x00 bytes and lacks the expected 0x80 marker, can cause an underflow in the DNSCrypt packet reading procedure. This may lead to a heap overflow—a condition where data exceeds the boundary of a memory block allocated on the heap—potentially resulting in a crash. The likelihood of a crash depends on the underlying memory allocator and memory layout.Recommendations
Update to version 1.25.1.
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Freebsd
Linuxmint
Ubuntu
Unbound