7.8

CVE-2011-4869

validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
UnboundUnbound Version <= 1.4.12
UnboundUnbound Version0.0
UnboundUnbound Version0.1
UnboundUnbound Version0.2
UnboundUnbound Version0.3
UnboundUnbound Version0.4
UnboundUnbound Version0.5
UnboundUnbound Version0.6
UnboundUnbound Version0.7
UnboundUnbound Version0.7.1
UnboundUnbound Version0.7.2
UnboundUnbound Version0.8
UnboundUnbound Version0.09
UnboundUnbound Version0.10
UnboundUnbound Version0.11
UnboundUnbound Version1.0.0
UnboundUnbound Version1.0.1
UnboundUnbound Version1.0.2
UnboundUnbound Version1.1.0
UnboundUnbound Version1.1.1
UnboundUnbound Version1.2.0
UnboundUnbound Version1.2.1
UnboundUnbound Version1.3.0
UnboundUnbound Version1.3.1
UnboundUnbound Version1.3.2
UnboundUnbound Version1.3.3
UnboundUnbound Version1.3.4
UnboundUnbound Version1.4.0
UnboundUnbound Version1.4.1
UnboundUnbound Version1.4.2
UnboundUnbound Version1.4.3
UnboundUnbound Version1.4.4
UnboundUnbound Version1.4.5
UnboundUnbound Version1.4.6
UnboundUnbound Version1.4.7
UnboundUnbound Version1.4.8
UnboundUnbound Version1.4.9
UnboundUnbound Version1.4.10
UnboundUnbound Version1.4.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.08% 0.826
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
http://www.kb.cert.org/vuls/id/209659
Patch
US Government Resource