CVE-2026-32792

5.3 MEDIUM

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('-...

Published: 2026-05-20 · Last updated: 2026-05-20

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-125, CWE-166

Affected products

Vendor	Product
nlnetlabs	unbound

Description

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-32792
[Vendor advisory]https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt

Related CVEs

Same vendor

CVE-2026-49235 — When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes (7.5 HIGH)
CVE-2026-49234 — When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes (7.5 HIGH)
CVE-2026-49233 — Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator ... (7.5 HIGH)
CVE-2026-44608 — NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are m... (5.9 MEDIUM)
CVE-2026-44390 — NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs... (5.3 MEDIUM)

Same CWE

CVE-2026-4367 — A flaw was found in libXpm (5.5 MEDIUM)
CVE-2026-47963 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47934 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47927 — DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive me... (5.5 MEDIUM)
CVE-2026-47748 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (5.5 MEDIUM)