CVE-2011-4869
EPSS 2.1%
Description
validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.
How to fix CVE-2011-4869
To remediate CVE-2011-4869, upgrade the affected package to a fixed version below.
- Debian/unbound: upgrade to 1.4.14-1 or later
Is CVE-2011-4869 being exploited?
Low — EPSS is 2.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/unbound: all versions from 0 up to, but not including, 1.4.14-1