{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"unbound security update", "category":"general", "title":"Synopsis" }, { "text":"An update for unbound is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most platforms such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows. Unbound is a totally free, open source software under the BSD license. It doesn't make custom builds or provide specific features to paying customers only.\n\nSecurity Fix(es):\n\nNLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone and querying a vulnerable Unbound. When DS sub-queries need to suspend validation due to NSEC3 computational budget exhaustion (introduced in Unbound 1.19.1), Unbound deep-copies response messages to preserve them across memory region teardown. A struct-assignment bug overwrites the destination's pointer with the source's pointer. After the sub-query region is freed, the resumed validator dereferences this dangling pointer, triggering a crash or potentially enabling arbitrary code execution. Unbound 1.25.1 contains a patch with a fix to preserve the correct pointer when deep copying the data structure.(CVE-2026-33278)\n\nNLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100).(CVE-2026-41292)\n\nNLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.(CVE-2026-42944)\n\nNLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could increase the ANSWER section count and authority filtering could decrease the AUTHORITY section count and create an uninitialized array slot. Combining these two, the validator later dereferences this uninitialized pointer, causing an immediate process crash. An adversary controlling a DNSSEC-signed domain can trigger this bug with a single query by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records alongside signed ADDITIONAL glue records. Unbound 1.25.1 contains a patch with a fix to use the proper counters to calculate the write offsets.(CVE-2026-42959)\n\nNLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound's cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. This is a complement fix to CVE-2025-11411.(CVE-2026-42960)", "category":"general", "title":"Description" }, { "text":"An update for unbound is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"unbound", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2523", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" }, { "summary":"CVE-2026-33278", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-33278&packageName=unbound" }, { "summary":"CVE-2026-41292", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-41292&packageName=unbound" }, { "summary":"CVE-2026-42944", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42944&packageName=unbound" }, { "summary":"CVE-2026-42959", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42959&packageName=unbound" }, { "summary":"CVE-2026-42960", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-42960&packageName=unbound" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33278" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41292" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42944" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42959" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42960" }, { "summary":"openEuler-SA-2026-2523 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2523.json" } ], "title":"An update for unbound is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-06-03T14:46:27+08:00", "revision_history":[ { "date":"2026-06-03T14:46:27+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-03T14:46:27+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-03T14:46:27+08:00", "id":"openEuler-SA-2026-2523", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"python3-unbound-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"python3-unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-anchor-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-anchor-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-anchor-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-debugsource-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-debugsource-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-debugsource-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-devel-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-devel-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-devel-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-help-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-help-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-help-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-libs-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-libs-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-libs-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-utils-1.17.1-16.oe2403sp3.aarch64.rpm", "name":"unbound-utils-1.17.1-16.oe2403sp3.aarch64.rpm" }, "name":"unbound-utils-1.17.1-16.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"python3-unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"python3-unbound-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"python3-unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-anchor-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-anchor-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-anchor-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-debugsource-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-debugsource-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-debugsource-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-devel-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-devel-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-devel-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-help-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-help-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-help-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-libs-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-libs-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-libs-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-utils-1.17.1-16.oe2403sp3.x86_64.rpm", "name":"unbound-utils-1.17.1-16.oe2403sp3.x86_64.rpm" }, "name":"unbound-utils-1.17.1-16.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"unbound-1.17.1-16.oe2403sp3.src.rpm", "name":"unbound-1.17.1-16.oe2403sp3.src.rpm" }, "name":"unbound-1.17.1-16.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "name":"python3-unbound-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-anchor-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-anchor-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-debugsource-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-debugsource-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-devel-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-devel-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-help-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-help-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-libs-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-libs-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-utils-1.17.1-16.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "name":"unbound-utils-1.17.1-16.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"python3-unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "name":"python3-unbound-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-anchor-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-anchor-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-debugsource-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-debugsource-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-devel-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-devel-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-help-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-help-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-libs-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-libs-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-utils-1.17.1-16.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "name":"unbound-utils-1.17.1-16.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"unbound-1.17.1-16.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src", "name":"unbound-1.17.1-16.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-33278", "notes":[ { "text":"NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the vulnerability by controlling a malicious signed zone and querying a vulnerable Unbound. When DS sub-queries need to suspend validation due to NSEC3 computational budget exhaustion (introduced in Unbound 1.19.1), Unbound deep-copies response messages to preserve them across memory region teardown. A struct-assignment bug overwrites the destination's pointer with the source's pointer. After the sub-query region is freed, the resumed validator dereferences this dangling pointer, triggering a crash or potentially enabling arbitrary code execution. Unbound 1.25.1 contains a patch with a fix to preserve the correct pointer when deep copying the data structure.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ], "details":"unbound security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-33278" }, { "cve":"CVE-2026-41292", "notes":[ { "text":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data structures for the options. Coordinated attacks can result in degradation and/or denial of service. Unbound 1.25.1 contains a patch with a fix to limit acceptable incoming EDNS options (100).", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ], "details":"unbound security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-41292" }, { "cve":"CVE-2026-42944", "notes":[ { "text":"NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ], "details":"unbound security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-42944" }, { "cve":"CVE-2026-42959", "notes":[ { "text":"NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication could increase the ANSWER section count and authority filtering could decrease the AUTHORITY section count and create an uninitialized array slot. Combining these two, the validator later dereferences this uninitialized pointer, causing an immediate process crash. An adversary controlling a DNSSEC-signed domain can trigger this bug with a single query by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records alongside signed ADDITIONAL glue records. Unbound 1.25.1 contains a patch with a fix to use the proper counters to calculate the write offsets.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ], "details":"unbound security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-42959" }, { "cve":"CVE-2026-42960", "notes":[ { "text":"NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such records in a reply (i.e., spoofed packet, fragmentation attack) he would be able to poison Unbound's cache. A malicious actor can exploit the possible poisonous effect by injecting RRSets other than NS that are also accompanied by address records in a reply, for example MX. This could be achieved by trying to spoof a reply packet or fragmentation attacks. Unbound would then accept the relative address records in the additional section and cache them if the authority RRSet has enough trust at this point, i.e., in-zone data for the delegation point. Unbound 1.25.1 contains a patch with a fix that disregards address records from the additional section if they are not explicitly relevant only to authority NS records, mitigating the possible poison effect. This is a complement fix to CVE-2025-11411.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ], "details":"unbound security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2523" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":10.0, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:python3-unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-anchor-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debuginfo-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-debugsource-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-devel-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-help-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-libs-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-utils-1.17.1-16.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:unbound-1.17.1-16.oe2403sp3.src" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-42960" } ] }