Home

CVE-2017-15105

Description

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.686

Associated Vulnerability

VulnerabilityOS Platform
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.5.8-1ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.5.8-1ubuntu1.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.6.5-1ubuntu0.2_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.6.5-1ubuntu0.2_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.6.7-1ubuntu2.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.6.7-1ubuntu2.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.4.22-1ubuntu4.14.04.3_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) unbound_1.4.22-1ubuntu4.14.04.3_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.5.8-1ubuntu1.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.5.8-1ubuntu1.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.6.5-1ubuntu0.2_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.6.5-1ubuntu0.2_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.6.7-1ubuntu2.1_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.6.7-1ubuntu2.1_amd64.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.4.22-1ubuntu4.14.04.3_i386.debLinux
validating, recursive, caching DNS resolver (USN-3673-1) libunbound2_1.4.22-1ubuntu4.14.04.3_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234