PT-2026-42135 · Nlnet+3 · Unbound+3
Qifan Zhang
·
Published
2026-05-20
·
Updated
2026-06-18
·
CVE-2026-44608
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
NLnet Labs Unbound versions 1.14.0 through 1.25.0
Description
A locking inconsistency occurs when specific conditions are met: the system is multi-threaded, an RPZ (Response Policy Zone) XFR (Zone Transfer) reload is performed, and an RPZ zone contains
rpz-nsip or rpz-nsdname triggers. If an XFR occurs while another thread is reading the RPZ zone, the reader may not hold the lock sufficiently, allowing the thread applying the XFR to free objects that the reader is accessing. This leads to a heap use-after-free (a situation where a program continues to use a pointer after it has been freed), which can result in a crash. Local RPZ files do not trigger this issue.Recommendations
Update to version 1.25.1.
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd
Linuxmint
Ubuntu
Unbound