Vulnerabilities
Vulnerable Software
Nlnetlabs:  Security Vulnerabilities
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVSS Score
9.8
EPSS Score
0.023
Published
2017-11-17
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.
CVSS Score
7.5
EPSS Score
0.029
Published
2017-02-09
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVSS Score
4.3
EPSS Score
0.252
Published
2014-12-11
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
CVSS Score
2.1
EPSS Score
0.004
Published
2014-11-16
query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x before 3.2.12 allows remote attackers to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
CVSS Score
5.0
EPSS Score
0.092
Published
2012-07-27
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
CVSS Score
6.8
EPSS Score
0.041
Published
2011-11-04
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
CVSS Score
5.0
EPSS Score
0.027
Published
2011-06-02
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVSS Score
4.3
EPSS Score
0.071
Published
2011-05-31
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.026
Published
2010-03-16
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
CVSS Score
7.5
EPSS Score
0.03
Published
2009-10-13


Contact Us

Shodan ® - All rights reserved