CVE-2017-15105

EPSS 0.68%
Veröffentlicht 23.01.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:14:05
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nlnetlabs ≫ Unbound Version < 1.6.8

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version17.10

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.692

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-358 Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

http://www.securityfocus.com/bid/102817

Third Party Advisory

VDB Entry

https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html

Third Party Advisory

Mailing List

https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html

Third Party Advisory

Mailing List

https://unbound.net/downloads/CVE-2017-15105.txt

Patch

Vendor Advisory