Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-15105

Опубликовано: 19 янв. 2018
Источник: redhat
CVSS3: 5.4
EPSS Низкий

Описание

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

A flaw was found in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

Отчет

This issue affects the versions of unbound as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6unboundNot affected
Red Hat Enterprise Linux 7unboundWill not fix
Red Hat Enterprise Linux 8unboundNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-358
https://bugzilla.redhat.com/show_bug.cgi?id=1507049unbound: Improper validation of wildcard synthesized NSEC records

EPSS

Процентиль: 71%
0.00686
Низкий

5.4 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-15105

CVSS3: 5.3
ubuntu
около 8 лет назад

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

nvd логотип

CVE-2017-15105

CVSS3: 5.3
nvd
около 8 лет назад

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

debian логотип

CVE-2017-15105

CVSS3: 5.3
debian
около 8 лет назад

A flaw was found in the way unbound before 1.6.8 validated wildcard-sy ...

github логотип

GHSA-8hp4-8fgw-m69h

CVSS3: 5.3
github
больше 3 лет назад

A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.

EPSS

Процентиль: 71%
0.00686
Низкий

5.4 Medium

CVSS3