PT-2026-42124 · Nlnet+3 · Unbound+3

Andrew Griffiths

·

Published

2026-05-20

·

Updated

2026-06-18

·

CVE-2026-32792

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.6.2 through 1.25.0
Description A denial of service issue exists when the software is compiled with DNSCrypt support using the --enable-dnscrypt flag. A specially crafted DNSCrypt query, where the decrypted plaintext consists entirely of 0x00 bytes and lacks the expected 0x80 marker, can cause an underflow in the DNSCrypt packet reading procedure. This may lead to a heap overflow—a condition where data exceeds the boundary of a memory block allocated on the heap—potentially resulting in a crash. The likelihood of a crash depends on the underlying memory allocator and memory layout.
Recommendations Update to version 1.25.1.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-32792
ECHO-248E-DAC5-2836
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
RHSA-2026:20357
SUSE-SU-2026:21874-1
SUSE-SU-2026:21913-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2281-1
SUSE-SU-2026:2369-1
USN-8282-1

Affected Products

Freebsd
Linuxmint
Ubuntu
Unbound