CVE-2026-42944

7.5 HIGH

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSI...

Published: 2026-05-20 · Last updated: 2026-05-20

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-197, CWE-787

Affected products

Vendor	Product
nlnetlabs	unbound

Description

NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses' (default)) need to be enabled for the vulnerability to be exploited. An adversary who can query Unbound can exploit the vulnerability by attaching multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options to the query. A flaw in the size calculation of the EDNS field truncates the correct value which allows the encoder to overflow the available space when writing. Those two combined lead to a heap overflow write of Unbound controlled data and eventually a crash. Unbound 1.25.1 contains a patch with a fix to de-duplicate the EDNS options and a fix to prevent truncation of the EDNS field size calculation.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-42944
[Vendor advisory]https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-42944.txt

Related CVEs

Same vendor

CVE-2026-44608 — NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are m... (5.9 MEDIUM)
CVE-2026-44390 — NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs... (5.3 MEDIUM)
CVE-2026-42960 — NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section (10.0 CRITICAL)
CVE-2026-42959 — NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a cr... (7.5 HIGH)
CVE-2026-42923 — NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the nega... (5.3 MEDIUM)

Same CWE

CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
CVE-2026-53461 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
CVE-2026-48724 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
CVE-2026-46559 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.0 MEDIUM)
CVE-2026-46521 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)