What is CVE-2024-8508?

CVE-2024-8508 is a medium-severity vulnerability in Nlnet Labs Unbound, classified under CWE-606. CVSS score: 5.3/10. Published 2024-10-03.

How severe is CVE-2024-8508?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-8508 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Nlnet Labs Unbound

CVE-2024-8508

NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbou…

EPSS: 0.002 (36.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Nlnet Labs Unbound — versions 0

Weakness classification (CWE)

CWE-606

Public proof-of-concept exploits

References

www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt (vendor-advisory)

Frequently asked questions

What is CVE-2024-8508?: CVE-2024-8508 is a medium-severity vulnerability in Nlnet Labs Unbound, classified under CWE-606. CVSS score: 5.3/10. Published 2024-10-03.
How severe is CVE-2024-8508?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-8508 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.