Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-4528

Опубликовано: 20 дек. 2011
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

Комментарий

Per: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt

"1.4.14 is released with the patch, but 1.4.14rc1 is vulnerable. http://www.unbound.net/downloads/unbound-1.4.14.tar.gz"

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:unbound:unbound:*:*:*:*:*:*:*:*
Версия до 1.4.13 (включая)
cpe:2.3:a:unbound:unbound:0.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.2:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.3:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.4:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.5:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.6:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.7:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.8:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.09:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.10:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:0.11:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:unbound:unbound:1.4.14:rc1:*:*:*:*:*:*

EPSS

Процентиль: 86%
0.02914
Низкий

5 Medium

CVSS2

Дефекты

CWE-399

Связанные уязвимости

ubuntu логотип

CVE-2011-4528

ubuntu
около 14 лет назад

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

debian логотип

CVE-2011-4528

debian
около 14 лет назад

Unbound before 1.4.13p2 attempts to free unallocated memory during pro ...

github логотип

GHSA-q376-m379-55x8

github
больше 3 лет назад

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

EPSS

Процентиль: 86%
0.02914
Низкий

5 Medium

CVSS2

Дефекты

CWE-399