CVE-2026-42534

Source
https://cve.org/CVERecord?id=CVE-2026-42534
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42534.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-42534
Published
2026-05-20T10:16:27.477Z
Modified
2026-06-06T07:44:13.344449723Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
[none]
Details

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the same query could renew the age of slow-running queries, so the jostle logic would not see them as aged and as potential targets for replacement with new queries. An adversary who can query a vulnerable Unbound and who can control a domain name server that replies slowly and/or maliciously to Unbound's queries can exploit the vulnerability and degrade the resolution performance of Unbound.

When Unbound's 'num-queries-per-thread' reaches its limit, the jostle logic kicks in: when a new query comes in, half of the available queries that are also slow to resolve are candidates for replacement. The vulnerability arises because duplicate queries that need resolution skew the aging result by using the timestamp of the latest duplicate query instead of the original one that started the resolution effort. Cache and local data response performance remains unaffected. Coordinated attacks could raise this to a denial of resolution service.

Unbound 1.25.1 contains a patch that attaches an initial, non-updatable start time to incoming queries, which allows the jostle logic to work as intended.
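The aging flaw described above, as a simplified model added here for illustration; it is not Unbound's code and is not part of the advisory. The slot structure, `AGE_LIMIT_MS`, the list size and the timings are constructed assumptions, and the model treats every entry as a replacement candidate rather than half of them.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model of a full request list; not Unbound's code.
 * All names and constants here are hypothetical/constructed. */
#define SLOTS 4               /* stands in for num-queries-per-thread */
#define AGE_LIMIT_MS 200      /* constructed: age at which a query may be jostled out */

struct slot { int qid; long start_ms; long last_dup_ms; };

/* fixed == 0: age measured from the latest duplicate (the flaw).
 * fixed == 1: age measured from the initial, never-updated start time. */
static long age_ms(const struct slot *s, long now, int fixed) {
    return now - (fixed ? s->start_ms : s->last_dup_ms);
}

/* List is full and a new query arrives: replace the oldest entry that has
 * passed the age limit. Returns its index, or -1 if the new query is dropped. */
static int jostle(struct slot *t, size_t n, int new_qid, long now, int fixed) {
    int victim = -1;
    long oldest = -1;
    for (size_t i = 0; i < n; i++) {
        long a = age_ms(&t[i], now, fixed);
        if (a >= AGE_LIMIT_MS && a > oldest) { oldest = a; victim = (int)i; }
    }
    if (victim >= 0)
        t[victim] = (struct slot){ new_qid, now, now };
    return victim;
}

/* Slow queries fill the list at t=0, duplicates of each keep arriving
 * until t=1000, then a new query needs a slot. */
static int run_scenario(int fixed) {
    struct slot t[SLOTS];
    for (int i = 0; i < SLOTS; i++)
        t[i] = (struct slot){ i, 0, 0 };
    for (long now = 100; now <= 1000; now += 100)
        for (int i = 0; i < SLOTS; i++)
            t[i].last_dup_ms = now;   /* duplicate seen; start_ms untouched */
    return jostle(t, SLOTS, 99, 1000, fixed);
}

int main(void) {
    printf("latest-duplicate timestamp: victim=%d\n", run_scenario(0));
    printf("initial start time:         victim=%d\n", run_scenario(1));
    return 0;
}
```

With the latest-duplicate timestamp no entry ever looks old enough, so the new query is dropped; with the immutable start time the oldest slow entry is replaced.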

References

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type
GIT
Repo
https://github.com/nlnetlabs/unbound
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.25.1"
        }
    ],
    "cpe": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.11.0rc1
Other
final-svn-state
release-0.*
release-0.0
release-0.1
release-0.10
release-0.11
release-0.3
release-0.4
release-0.5
release-0.6
release-0.7
release-0.8
release-1.*
release-1.0.1
release-1.1.1
release-1.10.0rc1
release-1.10.0rc2
release-1.11.0
release-1.11.0rc1
release-1.12.0
release-1.12.0rc1
release-1.13.0rc1
release-1.13.0rc2
release-1.13.0rc3
release-1.13.0rc4
release-1.13.1
release-1.13.1rc1
release-1.13.1rc2
release-1.13.2
release-1.13.2rc1
release-1.14.0
release-1.14.0rc1
release-1.15.0
release-1.15.0rc1
release-1.16.0
release-1.16.0rc1
release-1.16.1
release-1.16.1rc1
release-1.16.2
release-1.18.0
release-1.18.0rc1
release-1.19.0
release-1.19.0rc1
release-1.19.3rc1
release-1.20.0
release-1.20.0rc1
release-1.21.0
release-1.21.0rc1
release-1.22.0
release-1.22.0rc1
release-1.23.0rc1
release-1.24.0
release-1.24.0rc1
release-1.25.0
release-1.25.0rc1
release-1.3.1
release-1.3.2
release-1.3.3
release-1.3.3rc1
release-1.4.0
release-1.4.0rc1
release-1.4.1
release-1.4.11
release-1.4.11rc1
release-1.4.11rc2
release-1.4.11rc3
release-1.4.12rc1
release-1.4.13
release-1.4.13rc1
release-1.4.13rc2
release-1.4.14
release-1.4.14rc1
release-1.4.17
release-1.4.17rc1
release-1.4.18rc1
release-1.4.18rc2
release-1.4.19
release-1.4.19rc1
release-1.4.2
release-1.4.20
release-1.4.22
release-1.4.22rc1
release-1.4.3
release-1.4.4
release-1.4.4rc1
release-1.4.5
release-1.4.5rc1
release-1.4.6
release-1.4.6rc1
release-1.4.7
release-1.4.7rc1
release-1.4.8rc1
release-1.4.9
release-1.4.9rc1
release-1.5.0rc1
release-1.5.1
release-1.5.10
release-1.5.10rc1
release-1.5.1rc1
release-1.5.1rc2
release-1.5.2
release-1.5.2rc1
release-1.5.3rc1
release-1.5.4
release-1.5.4rc1
release-1.5.5
release-1.5.5rc1
release-1.5.6
release-1.5.6rc1
release-1.5.7
release-1.5.8
release-1.5.8rc1
release-1.5.9rc1
release-1.6.0rc1
release-1.6.1rc1
release-1.6.1rc2
release-1.6.1rc3
release-1.6.2rc1
release-1.6.4rc1
release-1.6.4rc2
release-1.6.6rc1
release-1.6.6rc2
release-1.6.7
release-1.6.7rc1
release-1.7.0rc1
release-1.7.0rc2
release-1.7.0rc3
release-1.7.1rc1
release-1.7.2rc1
release-1.7.3rc1
release-1.8.0rc1
release-1.8.1rc1
release-1.8.2rc1
release-1.9.0rc1
release-1.9.1rc1
release-1.9.2
release-1.9.2rc1
release-1.9.2rc2
release-1.9.2rc3
release-1.9.3
release-1.9.3rc1
release-1.9.3rc2
release-1.9.6
release-1.9.6rc1

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "26148135886169857913239956572075736548",
            "length": 1502.0
        },
        "signature_version": "v1",
        "id": "CVE-2026-42534-7cb89fac",
        "target": {
            "file": "services/rpz.c",
            "function": "rpz_callback_from_iterator_module"
        },
        "deprecated": false,
        "source": "https://github.com/nlnetlabs/unbound/commit/75b6dba593d4fff000434cd64807c6ebd50bd244",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "id": "CVE-2026-42534-a3b17d2e",
        "target": {
            "file": "services/rpz.c"
        },
        "deprecated": false,
        "source": "https://github.com/nlnetlabs/unbound/commit/75b6dba593d4fff000434cd64807c6ebd50bd244",
        "signature_type": "Line"
    }
]
vanir_signatures_modified
"2026-05-31T03:35:37Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42534.json"