PT-2026-42125 · Unbound+4 · Unbound+4

Qifan Zhang

·

Published

2026-05-20

·

Updated

2026-06-30

·

CVE-2026-33278

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.19.1 through 1.25.0
Description A flaw in the DNSSEC validator allows for denial of service and potential remote code execution. The issue occurs during the deep copying of a data structure when DS sub-queries suspend validation due to NSEC3 computational budget exhaustion. A struct-assignment bug causes the destination pointer to be overwritten by the source pointer. When the sub-query region is subsequently freed, the resumed validator dereferences this dangling pointer, which can lead to a system crash or arbitrary code execution. An attacker can trigger this by controlling a malicious signed zone and querying the affected system.
Recommendations Update to version 1.25.1.

Fix

RCE

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:23231
ALSA-2026:24369
CVE-2026-33278
ECHO-A689-363A-CB69
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
RHSA-2026:19752
RHSA-2026:23231
RHSA-2026:24369
SUSE-SU-2026:21874-1
SUSE-SU-2026:21913-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2281-1
SUSE-SU-2026:2369-1
USN-8282-1

Affected Products

Freebsd
Linuxmint
Rocky Linux
Ubuntu
Unbound