Vulnerability CVE-2011-4528: Information

Description

Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.

Severity: MEDIUM (5.0)

References to Advisories, Solutions, and Tools

1. Affected configurations:

   1. Configuration 1

      cpe:2.3:a:unbound:unbound:1.3.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:*:*:*:*:*:*:*:*

      End including

      1.4.13

      ---

      cpe:2.3:a:unbound:unbound:0.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.3.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.3.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.0.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.2.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.3.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.3.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.1.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.7.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.12:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.14:rc1:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.7.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.2.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.11:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.09:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.1.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:1.4.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:unbound:unbound:0.5:*:*:*:*:*:*:*

      ---