PT-2026-42131 · Nlnet+4 · Unbound+4
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions 1.14.0 through 1.25.0
Description
A heap overflow occurs when encoding multiple NSID, DNS Cookie EDNS, and EDNS Padding options in a reply packet. This happens because a flaw in the size calculation of the EDNS field truncates the correct value, allowing the encoder to overflow the available space when writing Unbound controlled data, which can lead to a crash. For this to be exploited, the options
nsid, answer-cookie, and pad-responses must be enabled. An attacker can trigger this by attaching multiple NSID, DNS Cookie EDNS, or EDNS Padding options to a query.Recommendations
Update to version 1.25.1.
As a temporary workaround, disable the
nsid, answer-cookie, or pad-responses options to prevent exploitation.Fix
DoS
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Freebsd
Linuxmint
Rocky Linux
Ubuntu
Unbound