Bug 2479774 (CVE-2026-42944) - CVE-2026-42944 unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options
Summary: CVE-2026-42944 unbound: Heap overflow and crash with multiple nsid, cookie, p...
Keywords:
Status: NEW
Alias: CVE-2026-42944
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2480119 2481345
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-19 10:09 UTC by OSIDB Bzimport
Modified: 2026-06-16 18:09 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:23231 0 None None None 2026-06-04 08:32:41 UTC
Red Hat Product Errata RHSA-2026:24365 0 None None None 2026-06-08 08:40:56 UTC
Red Hat Product Errata RHSA-2026:24369 0 None None None 2026-06-08 10:25:23 UTC

Description OSIDB Bzimport 2026-05-19 10:09:36 UTC
A vulnerability was found in Unbound that results in heap overflow when
encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in
the reply packet.
The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need
to be enabled for the vulnerability to be exploited.

Unbound 1.25.1 includes a fix to de-duplicate the EDNS options and a fix to
prevent truncation of the EDNS field size calculation that also contributes to
the heap overflow.

Comment 2 errata-xmlrpc 2026-06-04 08:32:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:23231 https://access.redhat.com/errata/RHSA-2026:23231

Comment 3 errata-xmlrpc 2026-06-08 08:40:55 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:24365 https://access.redhat.com/errata/RHSA-2026:24365

Comment 4 errata-xmlrpc 2026-06-08 10:25:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:24369 https://access.redhat.com/errata/RHSA-2026:24369


Note You need to log in before you can comment on or make changes to this bug.