CVE-2017-15105
23.01.2018, 16:29
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nlnetlabs | unbound | 𝑥 < 1.6.8 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libunbound2 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| libunbound8 |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| unbound-anchor |
| ||||||||||||||||||||||||||||||||||||||||||||||||
| unbound-devel |
|
Common Weakness Enumeration
- CWE-358 - Improperly Implemented Security Check for StandardThe software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
References