CVE-2017-15105

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
nlnetlabsunbound
𝑥
< 1.6.8
debiandebian_linux
7.0
debiandebian_linux
8.0
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
unbound
bullseye
1.13.1-1+deb11u2
fixed
bullseye (security)
1.13.1-1+deb11u3
fixed
bookworm
1.17.1-2+deb12u2
fixed
bookworm (security)
1.17.1-2+deb12u2
fixed
sid
1.22.0-1
fixed
trixie
1.22.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
unbound
bionic
Fixed 1.6.7-1ubuntu2.1
released
artful
Fixed 1.6.5-1ubuntu0.2
released
xenial
Fixed 1.5.8-1ubuntu1.1
released
trusty
Fixed 1.4.22-1ubuntu4.14.04.3
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102817
https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html
https://unbound.net/downloads/CVE-2017-15105.txt
https://usn.ubuntu.com/3673-1/
http://www.securityfocus.com/bid/102817
https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html
https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html
https://unbound.net/downloads/CVE-2017-15105.txt
https://usn.ubuntu.com/3673-1/