[Git][security-tracker-team/security-tracker][master] Add new unbound issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 20 11:53:09 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4feb4535 by Salvatore Bonaccorso at 2026-05-20T12:52:48+02:00
Add new unbound issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,36 @@
+CVE-2026-44608 [Use after free and crash in RPZ code (special requirements apply)]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-44390 [Unbounded name compression in certain cases causes degradation of service]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-42960 [Possible cache poisoning attack while following delegation]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-42923 [Degradation of service with unbounded NSEC3 hash calculations]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-42534 [Jostle logic bypass degrades resolution performance]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-41292 [Parsing a long list of incoming EDNS options degrades performance]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-40622 ["Ghost domain name" variant]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-32792 [Packet of death with DNSCrypt (feasibility very low]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-42959 [Crash during DNSSEC validation of malicious content]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-42944 [Heap overflow and crash with multiple nsid, cookie, padding EDNS options]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
+CVE-2026-33278 [Possible arbitrary code execution during DNSSEC validation]
+ - unbound <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/5
CVE-2026-9057 (A broken access control issue has been identified in the Talend Admini ...)
NOT-FOR-US: Talend Administration Center
CVE-2026-9056 (A stored cross-site scripting vulnerability has been found in the Tale ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4feb4535f763f17281bce278126b082a9a84add3
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4feb4535f763f17281bce278126b082a9a84add3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/10ff262d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list