CNNVD-202510-3133 Information
CNNVD ID
CNNVD-202510-3133
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
NLnet Labs Unbound是NLnet Labs开源的一个高性能DNS解析器。 NLnet Labs Unbound 1.24.0及之前版本存在安全漏洞,该漏洞源于未清理未经请求的NS记录集,可能导致域名劫持攻击。
Description (English)
NLnet Labs Unborn is a high-performance DNS solver for NLnet Labs. NLnet Labs Unborn 1.24.0 and previous versions have a security loophole, which stems from the failure to clean up an unrequested NS record collection, which could lead to a domain name hijacking attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
NLnet Labs
Published
2025-10-22
Last Modified
2026-02-24
References
https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html http://www.openwall.com/lists/oss-security/2025/11/26/4 https://vigilance.fr/vulnerability/Unbound-spoofing-via-Promiscuous-NS-RRSets-48553 https://vigilance.fr/vulnerability/Unbound-write-access-via-Unsolicited-NS-RRSets-YXDOMAIN-48871
Patch
https://www.nlnetlabs.nl/projects/unbound/security-advisories/
Share on: