CVE-2026-42959

Source
https://cve.org/CVERecord?id=CVE-2026-42959
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42959.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-42959
Published
2026-05-20T10:16:27.903Z
Modified
2026-06-11T16:14:06.669542757Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets for ADDITIONAL section rrsets. DNAME duplication can increase the ANSWER section count, and authority filtering can decrease the AUTHORITY section count and create an uninitialized array slot. When the two are combined, the validator later dereferences this uninitialized pointer, causing an immediate process crash. An adversary controlling a DNSSEC-signed domain can trigger this bug with a single query by configuring a DNAME chain with unsigned CNAMEs and a response containing unsigned AUTHORITY records alongside signed ADDITIONAL glue records. Unbound 1.25.1 contains a patch that uses the proper counters to calculate the write offsets.

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type
GIT
Repo
https://github.com/nlnetlabs/unbound
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.25.1"
        }
    ],
    "cpe": "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

1.*
1.11.0rc1
Other
final-svn-state
release-0.*
release-0.0
release-0.1
release-0.10
release-0.11
release-0.3
release-0.4
release-0.5
release-0.6
release-0.7
release-0.8
release-1.*
release-1.0.1
release-1.1.1
release-1.10.0rc1
release-1.10.0rc2
release-1.11.0
release-1.11.0rc1
release-1.12.0
release-1.12.0rc1
release-1.13.0rc1
release-1.13.0rc2
release-1.13.0rc3
release-1.13.0rc4
release-1.13.1
release-1.13.1rc1
release-1.13.1rc2
release-1.13.2
release-1.13.2rc1
release-1.14.0
release-1.14.0rc1
release-1.15.0
release-1.15.0rc1
release-1.16.0
release-1.16.0rc1
release-1.16.1
release-1.16.1rc1
release-1.16.2
release-1.18.0
release-1.18.0rc1
release-1.19.0
release-1.19.0rc1
release-1.19.3rc1
release-1.20.0
release-1.20.0rc1
release-1.21.0
release-1.21.0rc1
release-1.22.0
release-1.22.0rc1
release-1.23.0rc1
release-1.24.0
release-1.24.0rc1
release-1.25.0
release-1.25.0rc1
release-1.3.1
release-1.3.2
release-1.3.3
release-1.3.3rc1
release-1.4.0
release-1.4.0rc1
release-1.4.1
release-1.4.11
release-1.4.11rc1
release-1.4.11rc2
release-1.4.11rc3
release-1.4.12rc1
release-1.4.13
release-1.4.13rc1
release-1.4.13rc2
release-1.4.14
release-1.4.14rc1
release-1.4.17
release-1.4.17rc1
release-1.4.18rc1
release-1.4.18rc2
release-1.4.19
release-1.4.19rc1
release-1.4.2
release-1.4.20
release-1.4.22
release-1.4.22rc1
release-1.4.3
release-1.4.4
release-1.4.4rc1
release-1.4.5
release-1.4.5rc1
release-1.4.6
release-1.4.6rc1
release-1.4.7
release-1.4.7rc1
release-1.4.8rc1
release-1.4.9
release-1.4.9rc1
release-1.5.0rc1
release-1.5.1
release-1.5.10
release-1.5.10rc1
release-1.5.1rc1
release-1.5.1rc2
release-1.5.2
release-1.5.2rc1
release-1.5.3rc1
release-1.5.4
release-1.5.4rc1
release-1.5.5
release-1.5.5rc1
release-1.5.6
release-1.5.6rc1
release-1.5.7
release-1.5.8
release-1.5.8rc1
release-1.5.9rc1
release-1.6.0rc1
release-1.6.1rc1
release-1.6.1rc2
release-1.6.1rc3
release-1.6.2rc1
release-1.6.4rc1
release-1.6.4rc2
release-1.6.6rc1
release-1.6.6rc2
release-1.6.7
release-1.6.7rc1
release-1.7.0rc1
release-1.7.0rc2
release-1.7.0rc3
release-1.7.1rc1
release-1.7.2rc1
release-1.7.3rc1
release-1.8.0rc1
release-1.8.1rc1
release-1.8.2rc1
release-1.9.0rc1
release-1.9.1rc1
release-1.9.2
release-1.9.2rc1
release-1.9.2rc2
release-1.9.2rc3
release-1.9.3
release-1.9.3rc1
release-1.9.3rc2
release-1.9.6
release-1.9.6rc1

Database specific

vanir_signatures
[
    {
        "digest": {
            "function_hash": "26148135886169857913239956572075736548",
            "length": 1502.0
        },
        "id": "CVE-2026-42959-7cb89fac",
        "signature_version": "v1",
        "target": {
            "file": "services/rpz.c",
            "function": "rpz_callback_from_iterator_module"
        },
        "deprecated": false,
        "source": "https://github.com/nlnetlabs/unbound/commit/75b6dba593d4fff000434cd64807c6ebd50bd244",
        "signature_type": "Function"
    },
    {
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "id": "CVE-2026-42959-a3b17d2e",
        "signature_version": "v1",
        "target": {
            "file": "services/rpz.c"
        },
        "deprecated": false,
        "source": "https://github.com/nlnetlabs/unbound/commit/75b6dba593d4fff000434cd64807c6ebd50bd244",
        "signature_type": "Line"
    }
]
vanir_signatures_modified
"2026-06-02T08:21:45Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-42959.json"