git: 7382ac2b1be7 - main - security/vuxml: document unbound vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 06 Oct 2024 16:16:53 UTC
The branch main has been updated by fuz: URL: https://cgit.FreeBSD.org/ports/commit/?id=7382ac2b1be7e88d833178bd9da899342293aa2f commit 7382ac2b1be7e88d833178bd9da899342293aa2f Author: Robert Clausecker <fuz@FreeBSD.org> AuthorDate: 2024-10-06 15:22:35 +0000 Commit: Robert Clausecker <fuz@FreeBSD.org> CommitDate: 2024-10-06 16:16:19 +0000 security/vuxml: document unbound vulnerability PR: 281894 Security: CVE-2024-8508 Security: 2368755b-83f6-11ef-8d2e-a04a5edf46d9 --- security/vuxml/vuln/2024.xml | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index c7a7e8ea2a68..abd25ac05ad8 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,41 @@ + <vuln vid="2368755b-83f6-11ef-8d2e-a04a5edf46d9"> + <topic>Unbound -- Denial of service attack</topic> + <affects> + <package> + <name>unbound</name> + <range><lt>1.21.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NLnet labs report:</p> + <blockquote cite="https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/"> + <p>A vulnerability has been discovered in Unbound when handling + replies with very large RRsets that Unbound needs to perform name + compression for.</p> + <p>Malicious upstreams responses with very large RRsets can cause + Unbound to spend a considerable time applying name compression to + downstream replies. This can lead to degraded performance and + eventually denial of service in well orchestrated attacks.</p> + <p>Unbound version 1.21.1 introduces a hard limit on the number of + name compression calculations it is willing to do per packet. + Packets that need more compression will result in semi-compressed + packets or truncated packets, even on TCP for huge messages, to + avoid locking the CPU for long.</p> + <p>This change should not affect normal DNS traffic.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-8508</cvename> + <url>https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/</url> + </references> + <dates> + <discovery>2024-10-03</discovery> + <entry>2024-10-06</entry> + </dates> + </vuln> + <vuln vid="fe7031d3-3000-4b43-9fa6-52c2b624b8f9"> <topic>zeek -- potential DoS vulnerability</topic> <affects>