vulnerability

FreeBSD: VID-8d3bae09-fd28-11e7-95f2-005056925db4 (CVE-2017-15105): unbound -- vulnerability in the processing of wildcard synthesized NSEC records

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Jan 19, 2018	Jan 20, 2018	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Jan 19, 2018

Added

Jan 20, 2018

Modified

Dec 10, 2025

Description

Unbound reports: We discovered a vulnerability in the processing of wildcard synthesized NSEC records. While synthesis of NSEC records is allowed by RFC4592, these synthesized owner names should not be used in the NSEC processing. This does, however, happen in Unbound 1.6.7 and earlier versions.

Solution

freebsd-upgrade-package-unbound

References

CVE-2017-15105
https://attackerkb.com/topics/CVE-2017-15105
CWE-358
CWE-20

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today