pkg:Debian/unbound
67 total CVEsCRITICAL9HIGH23MEDIUM16LOW2
✅ Check your installed version
All known vulnerabilities
- CRITICAL10.0CVE-2026-42960NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.from 0
- CRITICAL9.8CVE-2026-33278NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and…from 0
- CRITICAL9.8CVE-2019-25042Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25039Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25038Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25035Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25034Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25033Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.from 0, < 1.9.6-1
- CRITICAL9.8CVE-2019-25032Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc.from 0, < 1.9.6-1
- HIGH7.5CVE-2026-42959NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a cras…from 0
- HIGH7.5CVE-2026-42944NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID…from 0
- HIGH7.5CVE-2026-41292NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of inc…from 0
- HIGH7.5CVE-2026-40622NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could e…from 0
- from 0, < 1.13.1-1+deb11u5
- from 0, < 1.17.1-2+deb12u3
- from 0, < 1.13.1-1+deb11u5
- HIGH7.5CVE-2024-1931NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain…from 0, < 1.19.2-1
- HIGH7.5CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…from 0, < 1.13.1-1+deb11u2
- from 0, < 1.13.1-1+deb11u2
- from 0, < 1.13.1-1+deb11u2
- from 0, < 1.9.0-2+deb10u4
- HIGH7.5CVE-2022-3204A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software.from 0, < 1.13.1-1+deb11u1
- HIGH7.5CVE-2019-25041Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy.from 0, < 1.9.6-1
- HIGH7.5CVE-2019-25040Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.from 0, < 1.9.6-1
- HIGH7.5CVE-2019-25037Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.from 0, < 1.9.6-1
- HIGH7.5CVE-2019-25036Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.from 0, < 1.9.6-1
- HIGH7.5CVE-2020-12663Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.from 0, < 1.10.1-1
- from 0, < 1.9.0-2+deb10u2
- from 0, < 1.10.1-1
- from 0, < 1.9.0-2+deb10u1
- from 0, < 1.9.4-1
- HIGH7.3CVE-2019-18934Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially cra…from 0, < 1.9.6-1
- MEDIUM6.5CVE-2022-30699NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack.from 0, < 1.13.1-1+deb11u1
- MEDIUM6.5CVE-2022-30698NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack.from 0, < 1.13.1-1+deb11u1
- MEDIUM5.9CVE-2026-44608NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met…from 0
- from 0, < 1.9.6-1
- from 0, < 1.13.0-1
- from 0, < 1.9.0-2+deb10u3
- MEDIUM5.3CVE-2026-44390NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs t…from 0
- MEDIUM5.3CVE-2026-42923NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negati…from 0
- MEDIUM5.3CVE-2026-42534NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade res…from 0
- MEDIUM5.3CVE-2026-32792NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--e…from 0
- from 0, < 1.13.1-1+deb11u4
- from 0, < 1.13.1-1+deb11u4
- from 0, < 1.4.17-3+deb7u3
- from 0, < 1.4.22-3+deb8u4
- from 0, < 1.7.1-1
- MEDIUM4.8CVE-2024-43168DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls w…from 0, < 1.13.1-1+deb11u3
- from 0, < 1.13.1-1+deb11u3
- from 0, < 1.13.1-1+deb11u3
- from 0, < 1.22.0-2+deb13u1
- from 0, < 1.13.1-1+deb11u7
- from 0, < 1.13.1-1+deb11u7
- from 0, < 1.13.1-1+deb11u6
- —CVE-2025-5994A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Su…from 0, < 1.13.1-1+deb11u5
- from 0, < 1.4.17-3+deb7u2
- from 0, < 1.4.6-1+squeeze4
- from 0, < 1.4.22-3
- —CVE-2011-4869validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS…from 0, < 1.4.14-1
- from 0, < 1.4.6-1~lenny2
- from 0, < 1.4.14-1
- from 0, < 1.4.6-1~lenny1
- from 0, < 1.4.4-1
- —CVE-2011-1922daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote at…from 0, < 1.4.10-1
- —CVE-2010-0969Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (da…from 0, < 1.4.3-1
- from 0, < 1.0.2-1+lenny1
- from 0, < 1.3.4-1