FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-01 18:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2368755b-83f6-11ef-8d2e-a04a5edf46d9	Unbound -- Denial of service attack NLnet labs report: A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. Discovery 2024-10-03 Entry 2024-10-06 unbound < 1.21.1 CVE-2024-8508 https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/
e27ee4fc-cdc9-45a1-8242-09898cdbdc91	unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack sep@nlnetlabs.nl reports: A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies. Discovery 2025-07-16 Entry 2025-07-18 unbound > 1.6.1 lt 1.23.0 CVE-2025-5994 https://nvd.nist.gov/vuln/detail/CVE-2025-5994

VuXML ID

Description

2368755b-83f6-11ef-8d2e-a04a5edf46d9

Unbound -- Denial of service attack

NLnet labs report:

A vulnerability has been discovered in Unbound when handling replies with very large RRsets that Unbound needs to perform name compression for.

Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks.

Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long.

This change should not affect normal DNS traffic.

Discovery 2024-10-03
Entry 2024-10-06
unbound

< 1.21.1

CVE-2024-8508
https://nlnetlabs.nl/news/2024/Oct/03/unbound-1.21.1-released/

e27ee4fc-cdc9-45a1-8242-09898cdbdc91

unbound -- Cache poisoning via the ECS-enabled Rebirthday Attack

sep@nlnetlabs.nl reports:

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.

Discovery 2025-07-16
Entry 2025-07-18
unbound

> 1.6.1 lt 1.23.0

CVE-2025-5994
https://nvd.nist.gov/vuln/detail/CVE-2025-5994