CVE-2026-42944 - High Severity Vulnerability
Vulnerable Libraries - src4.0.4, src4.0.4, src4.0.4
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (3)
/contrib/unbound/util/data/msgencode.c
/contrib/unbound/util/data/msgparse.c
/contrib/unbound/util/data/msgencode.h
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (3)
/contrib/unbound/util/data/msgencode.c
/contrib/unbound/util/data/msgparse.c
/contrib/unbound/util/data/msgencode.h
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (3)
/contrib/unbound/util/data/msgencode.c
/contrib/unbound/util/data/msgparse.c
/contrib/unbound/util/data/msgencode.h
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
Vulnerability Details
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.
Publish Date: 2026-05-20
URL: CVE-2026-42944
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.
Suggested Fix
Type: Upgrade version
Release Date: 2026-05-20
Fix Resolution: https://github.com/NLnetLabs/unbound.git - release-1.25.1
Step up your Open Source Security Game with Mend here
CVE-2026-42944 - High Severity Vulnerability
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
src4.0.4
Library home page: https://github.com/MidnightBSD/src.git
Found in HEAD commit: 816463d989cc5839c1cca2efb5bf2503408507fb
Found in base branches: stable/4.0, master
NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.
Publish Date: 2026-05-20
URL: CVE-2026-42944
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2026-05-20
Fix Resolution: https://github.com/NLnetLabs/unbound.git - release-1.25.1
Step up your Open Source Security Game with Mend here