Fedora Account System
Red Hat Associate
Red Hat Customer
A vulnerability was found in Unbound that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. Unbound 1.25.1 includes a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation that also contributes to the heap overflow.
This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2026:23231 https://access.redhat.com/errata/RHSA-2026:23231
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2026:24365 https://access.redhat.com/errata/RHSA-2026:24365
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2026:24369 https://access.redhat.com/errata/RHSA-2026:24369