UBUNTU-CVE-2024-33655

The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.

References

Affected packages

Ubuntu:Pro:14.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.4.22-1ubuntu4.14.04.3+esm2?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.20-1

1.4.21-1

1.4.21-1ubuntu1

1.4.21-1ubuntu2

1.4.22-1ubuntu1

1.4.22-1ubuntu2

1.4.22-1ubuntu3

1.4.22-1ubuntu4

1.4.22-1ubuntu4.14.04.1

1.4.22-1ubuntu4.14.04.2

1.4.22-1ubuntu4.14.04.3

1.4.22-1ubuntu4.14.04.3+esm1

1.4.22-1ubuntu4.14.04.3+esm2

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact."
}

Ubuntu:Pro:16.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.5.8-1ubuntu1.1+esm2?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.22-1ubuntu6

1.5.7-1ubuntu1

1.5.7-1ubuntu2

1.5.8-1ubuntu1

1.5.8-1ubuntu1.1

1.5.8-1ubuntu1.1+esm1

1.5.8-1ubuntu1.1+esm2

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact."
}

Ubuntu:Pro:18.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.6.7-1ubuntu2.6+esm3?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.5-1

1.6.7-1

1.6.7-1build1

1.6.7-1ubuntu1

1.6.7-1ubuntu2

1.6.7-1ubuntu2.1

1.6.7-1ubuntu2.2

1.6.7-1ubuntu2.3

1.6.7-1ubuntu2.4

1.6.7-1ubuntu2.5

1.6.7-1ubuntu2.6

1.6.7-1ubuntu2.6+esm2

1.6.7-1ubuntu2.6+esm3

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact."
}

Ubuntu:20.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.9.4-2ubuntu1.6?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.4-2ubuntu1.6

Affected versions

1.*

1.9.0-2ubuntu1

1.9.0-2ubuntu2

1.9.4-2

1.9.4-2ubuntu1

1.9.4-2ubuntu1.1

1.9.4-2ubuntu1.2

1.9.4-2ubuntu1.3

1.9.4-2ubuntu1.4

1.9.4-2ubuntu1.5

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact.",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libunbound-dev",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "libunbound8",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "libunbound8-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "python-unbound",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "python-unbound-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "python3-unbound",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "python3-unbound-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound-anchor",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound-anchor-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound-host",
            "binary_version": "1.9.4-2ubuntu1.6"
        },
        {
            "binary_name": "unbound-host-dbgsym",
            "binary_version": "1.9.4-2ubuntu1.6"
        }
    ]
}

Ubuntu:22.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.13.1-1ubuntu5.5?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.13.1-1ubuntu5.5

Affected versions

1.*

1.13.1-1ubuntu1

1.13.1-1ubuntu3

1.13.1-1ubuntu5

1.13.1-1ubuntu5.1

1.13.1-1ubuntu5.2

1.13.1-1ubuntu5.3

1.13.1-1ubuntu5.4

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact.",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libunbound-dev",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "libunbound8",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "libunbound8-dbgsym",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "python3-unbound",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "python3-unbound-dbgsym",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound-anchor",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound-anchor-dbgsym",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound-dbgsym",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound-host",
            "binary_version": "1.13.1-1ubuntu5.5"
        },
        {
            "binary_name": "unbound-host-dbgsym",
            "binary_version": "1.13.1-1ubuntu5.5"
        }
    ]
}

Ubuntu:24.04:LTS / unbound

Package

Name: unbound
Purl: pkg:deb/ubuntu/unbound@1.19.2-1ubuntu3.1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.2-1ubuntu3.1

Affected versions

1.*

1.17.1-2

1.18.0-2ubuntu1

1.18.0-2ubuntu2

1.19.1-1ubuntu1

1.19.2-1ubuntu1

1.19.2-1ubuntu3

Ecosystem specific

{
    "priority_reason": "Upstream Unbound project has rated this as having a low security impact.",
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libunbound-dev",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "libunbound8",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "libunbound8-dbgsym",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "python3-unbound",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "python3-unbound-dbgsym",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound-anchor",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound-anchor-dbgsym",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound-dbgsym",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound-host",
            "binary_version": "1.19.2-1ubuntu3.1"
        },
        {
            "binary_name": "unbound-host-dbgsym",
            "binary_version": "1.19.2-1ubuntu3.1"
        }
    ]
}