CVE-2025-5994
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-5994
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-5994.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-5994
- Downstream
- Related
- Published
- 2025-07-16T15:15:33Z
- Modified
- 2025-07-20T04:53:50.066607Z
- Summary
- [none]
- Details
-
A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.
- References
Affected packages
Alpine:v3.22 / unbound
Package
- Name
- unbound
- Purl
- pkg:apk/alpine/unbound?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.23.1-r0
Affected versions
1.*
1.4.10-r0
1.4.10-r1
1.4.10-r2
1.4.10-r3
1.4.13-r0
1.4.13-r1
1.4.13-r2
1.4.13-r3
1.4.14-r0
1.4.15-r0
1.4.16-r0
1.4.17-r0
1.4.18-r0
1.4.19-r0
1.4.19-r1
1.4.19-r2
1.4.20-r0
1.4.20-r1
1.4.20-r2
1.4.21-r0
1.4.21-r1
1.4.21-r2
1.4.22-r0
1.4.22-r1
1.5.1-r0
1.5.2-r0
1.5.2-r1
1.5.3-r0
1.5.4-r0
1.5.6-r0
1.5.6-r1
1.5.6-r2
1.5.6-r3
1.5.6-r4
1.5.7-r0
1.5.7-r1
1.5.8-r0
1.5.8-r1
1.5.9-r0
1.5.9-r1
1.5.10-r0
1.5.10-r1
1.5.10-r2
1.6.0-r0
1.6.0-r1
1.6.1-r0
1.6.1-r1
1.6.2-r0
1.6.3-r0
1.6.4-r0
1.6.5-r0
1.6.6-r0
1.6.7-r0
1.6.7-r1
1.6.7-r2
1.6.8-r0
1.7.0-r0
1.7.0-r1
1.7.0-r2
1.7.1-r0
1.7.3-r0
1.8.0-r0
1.8.1-r0
1.8.1-r1
1.8.3-r0
1.9.0-r0
1.9.1-r0
1.9.1-r1
1.9.1-r2
1.9.2-r0
1.9.2-r1
1.9.3-r0
1.9.4-r0
1.9.4-r1
1.9.5-r0
1.9.5-r1
1.9.5-r2
1.9.5-r3
1.9.6-r0
1.10.0-r0
1.10.1-r0
1.10.1-r1
1.11.0-r0
1.12.0-r0
1.13.0-r0
1.13.0-r1
1.13.0-r2
1.13.0-r3
1.13.1-r0
1.13.1-r1
1.13.1-r2
1.13.2-r0
1.13.2-r1
1.13.2-r2
1.14.0-r0
1.14.0-r1
1.15.0-r0
1.16.0-r0
1.16.0-r1
1.16.1-r0
1.16.2-r0
1.16.2-r1
1.16.3-r0
1.17.0-r0
1.17.0-r1
1.17.1-r0
1.17.1-r1
1.17.1-r2
1.17.1-r3
1.17.1-r4
1.18.0-r0
1.19.0-r0
1.19.1-r0
1.19.2-r0
1.19.3-r0
1.19.3-r1
1.19.3-r2
1.20.0-r0
1.20.0-r1
1.20.0-r2
1.21.0-r0
1.21.1-r0
1.22.0-r0
1.23.0-r0
1.23.0-r1
1.23.0-r2
Debian:11 / unbound
Package
- Name
- unbound
- Purl
- pkg:deb/debian/unbound?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.13.1-1
1.13.1-1+deb11u1
1.13.1-1+deb11u2
1.13.1-1+deb11u3
1.13.1-1+deb11u4
1.13.1-1.1
1.15.0-1
1.15.0-2
1.15.0-3
1.15.0-4
1.15.0-5
1.15.0-6
1.15.0-7
1.15.0-8
1.15.0-9
1.15.0-10
1.15.0-11
1.16.0-1
1.16.0-2
1.16.2-1
1.16.3-1
1.17.0-1
1.17.1-1~bpo11+1
1.17.1-1
1.17.1-2~bpo11+1
1.17.1-2
1.17.1-2+loong64
1.18.0-1
1.18.0-2
1.19.1-1
1.19.2-1
1.20.0-1
1.21.1-1
1.22.0-1
1.22.0-2
Debian:12 / unbound
Package
- Name
- unbound
- Purl
- pkg:deb/debian/unbound?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / unbound
Package
- Name
- unbound
- Purl
- pkg:deb/debian/unbound?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.22.0-2