Vulnerability in Nlnetlabs Unbound
CVE-2014-8602
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
EPSS: 0.076 (92.0th percentile) — read the EPSS interpretation.
Affected products
- Nlnetlabs Unbound
- Canonical Ubuntu_linux — versions 14.04, 14.10
- Debian Debian_linux — versions 7.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 71589 (vdb-entry, x_refsource_BID)
- cve@mitre.org (Patch, x_refsource_MISC)
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- DSA-3097 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM)
- VU#264212 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- USN-2484-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)