PT-2026-42131 · Nlnet+4 · Unbound+4

·

CVE-2026-42944

·

Published

2026-05-20

·

Updated

2026-06-30

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions NLnet Labs Unbound versions 1.14.0 through 1.25.0
Description A heap overflow occurs when encoding multiple NSID, DNS Cookie EDNS, and EDNS Padding options in a reply packet. This happens because a flaw in the size calculation of the EDNS field truncates the correct value, allowing the encoder to overflow the available space when writing Unbound controlled data, which can lead to a crash. For this to be exploited, the options nsid, answer-cookie, and pad-responses must be enabled. An attacker can trigger this by attaching multiple NSID, DNS Cookie EDNS, or EDNS Padding options to a query.
Recommendations Update to version 1.25.1. As a temporary workaround, disable the nsid, answer-cookie, or pad-responses options to prevent exploitation.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:23231
ALSA-2026:24365
ALSA-2026:24369
CVE-2026-42944
ECHO-7892-53AE-A3FB
OPENSUSE-SU-2026:10903-1
OPENSUSE-SU-2026:21083-1
RHSA-2026:23231
RHSA-2026:24365
RHSA-2026:24369
SUSE-SU-2026:21874-1
SUSE-SU-2026:21913-1
SUSE-SU-2026:22160-1
SUSE-SU-2026:22213-1
SUSE-SU-2026:2281-1
SUSE-SU-2026:2369-1
USN-8282-1

Affected Products

Freebsd
Linuxmint
Rocky Linux
Ubuntu
Unbound