Published: 11/12/2014 Updated: 28/11/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

iterator.c in NLnet Labs Unbound prior to 1.5.1 does not limit delegation chaining, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nlnetlabs unbound
canonical ubuntu linux 14.04
canonical ubuntu linux 14.10
debian debian linux 7.0

Synopsis Low: unbound security and bug fix update Type/Severity Security Advisory: Low Topic Updated unbound packages that fix one security issue and several bugs arenow available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Low securityimpact A Common Vulnerabili ...

Debian Bug report logs - #772622 CVE-2014-8602: denial of service with endless delegations Package: src:unbound; Maintainer for src:unbound is unbound packagers <unbound@packagesdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Tue, 9 Dec 2014 09:00:02 UTC Severity: grave Tags: security Found i ...

Unbound could be made to consume resources if it received specially crafted network traffic ...

CWE-399 http://unbound.net/downloads/patch_cve_2014_8602.diff https://unbound.net/downloads/CVE-2014-8602.txt http://www.kb.cert.org/vuls/id/264212 http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html http://www.ubuntu.com/usn/USN-2484-1 http://www.debian.org/security/2014/dsa-3097 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/71589 https://access.redhat.com/errata/RHSA-2015:2455 https://usn.ubuntu.com/2484-1/https://nvd.nist.gov https://www.kb.cert.org/vuls/id/264212

CVE-2014-8602

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect