A flaw was found in Unbound, a Domain Name System (DNS) resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier (NSID) or Extension Mechanisms for DNS (EDNS) Cookie options, or EDNS Padding options, and these options are enabled. Successful exploitation of this vulnerability could lead to a denial of service (DoS), making the Unbound service unavailable.
A vulnerability was found in Unbound that results in heap overflow when
encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in
the reply packet.
The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need
to be enabled for the vulnerability to be exploited.
Unbound 1.25.1 includes a fix to de-duplicate the EDNS options and a fix to
prevent truncation of the EDNS field size calculation that also contributes to
the heap overflow.
A vulnerability was found in Unbound that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. Unbound 1.25.1 includes a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation that also contributes to the heap overflow.