CVE-2026-33278

EUVD-2026-31075
NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone and querying a vulnerable Unbound. When DS sub-queries need to suspend validation due to NSEC3 computational budget exhaustion (introduced in Unbound 1.19.1), Unbound deep-copies response messages to preserve them across memory region teardown. A struct-assignment bug overwrites the destination's pointer with the source's pointer. After the sub-query region is freed, the resumed validator dereferences this dangling pointer, triggering a crash or potentially enabling arbitrary code execution. Unbound 1.25.1 contains a patch with a fix to preserve the correct pointer when deep copying the data structure.
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score percentile: 66%
Affected Products (NVD)
Vendor | Product | Version
nlnetlabs | unbound | 1.19.1 ≤ 𝑥 < 1.25.1
𝑥 = Vulnerable software versions
Debian Releases
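Debian Product | Codename | Version | Status
unbound | bookworm | - | vulnerable
unbound | bookworm (security) | - | vulnerable
unbound | bullseye | - | vulnerable
unbound | bullseye (security) | - | vulnerable
unbound | forky | 1.25.1-1 | fixed
unbound | sid | 1.25.1-1 | fixed
unbound | trixie | - | vulnerable
unbound | trixie (security) | 1.22.0-2+deb13u3 | fixed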
openSUSE / SLES Releases
openSUSE Product | Release | Version | Status
libunbound8 | suse enterprise desktop 15 SP7 | 1.20.0-150600.23.16.1 | fixed
libunbound8 | suse enterprise sap 15 SP4 | 1.20.0-150100.10.25.1 | fixed
libunbound8 | suse enterprise sap 15 SP5 | 1.20.0-150100.10.25.1 | fixed
libunbound8 | suse enterprise sap 15 SP7 | 1.20.0-150600.23.16.1 | fixed
libunbound8 | suse enterprise server 15 SP4 | 1.20.0-150100.10.25.1 | fixed
libunbound8 | suse enterprise server 15 SP5 | 1.20.0-150100.10.25.1 | fixed
libunbound8 | suse enterprise server 15 SP6 | 1.20.0-150600.23.16.1 | fixed
libunbound8 | suse enterprise server 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-anchor | suse enterprise desktop 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-anchor | suse enterprise sap 15 SP4 | 1.20.0-150100.10.25.1 | fixed
unbound-anchor | suse enterprise sap 15 SP5 | 1.20.0-150100.10.25.1 | fixed
unbound-anchor | suse enterprise sap 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-anchor | suse enterprise server 15 SP4 | 1.20.0-150100.10.25.1 | fixed
unbound-anchor | suse enterprise server 15 SP5 | 1.20.0-150100.10.25.1 | fixed
unbound-anchor | suse enterprise server 15 SP6 | 1.20.0-150600.23.16.1 | fixed
unbound-anchor | suse enterprise server 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-devel | suse enterprise desktop 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-devel | suse enterprise sap 15 SP4 | 1.20.0-150100.10.25.1 | fixed
unbound-devel | suse enterprise sap 15 SP5 | 1.20.0-150100.10.25.1 | fixed
unbound-devel | suse enterprise sap 15 SP7 | 1.20.0-150600.23.16.1 | fixed
unbound-devel | suse enterprise server 15 SP4 | 1.20.0-150100.10.25.1 | fixed
unbound-devel | suse enterprise server 15 SP5 | 1.20.0-150100.10.25.1 | fixed
unbound-devel | suse enterprise server 15 SP6 | 1.20.0-150600.23.16.1 | fixed
unbound-devel | suse enterprise server 15 SP7 | 1.20.0-150600.23.16.1 | fixed
Red Hat Enterprise Linux Releases
Red Hat Product | Release | Version | Status
python3-unbound | RHEL 9 | 0:1.24.2-3.el9_8.1 | fixed
unbound | RHEL 9 | 0:1.24.2-3.el9_8.1 | fixed
unbound-devel | RHEL 9 | 0:1.24.2-3.el9_8.1 | fixed
unbound-dracut | RHEL 9 | 0:1.24.2-3.el9_8.1 | fixed
unbound-libs | RHEL 9 | 0:1.24.2-3.el9_8.1 | fixed
Amazon Linux Releases
Amazon Package | Release | Version | Status
python2-unbound | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
python3-unbound | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
python3-unbound | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
python3-unbound-debuginfo | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
unbound | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-anchor | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-anchor-debuginfo | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-debuginfo | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
unbound-debuginfo | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-debugsource | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-devel | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
unbound-devel | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-libs | Amazon Linux 2 | 0:1.7.3-15.amzn2.0.14 | fixed
unbound-libs | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-libs-debuginfo | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-utils | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
unbound-utils-debuginfo | Amazon Linux 2023 | 0:1.17.1-1.amzn2023.0.12 | fixed
Azure Linux Releases
Azure Package | Release | Version | Status
unbound | Azure Linux 3.0 | 0:1.25.1-1.azl3 | fixed