FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2368755b-83f6-11ef-8d2e-a04a5edf46d9Unbound -- Denial of service attack

NLnet labs report:

A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for.

Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks.

Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long.

This change should not affect normal DNS traffic.


Discovery 2024-10-03
Entry 2024-10-06
unbound
< 1.21.1

CVE-2024-8508
https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/