Date: Thu, 29 Sep 2022 05:42:14 GMT From: =?utf-8?Q?Fernando=20Apestegu=C3=ADa?= <fernape@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 90c18b46cfbe - main - security/vuxml: Document unbound vulnerability Message-ID: <202209290542.28T5gENP081356@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=90c18b46cfbe234e0d483984cf44cc1867935ab8 commit 90c18b46cfbe234e0d483984cf44cc1867935ab8 Author: Fernando ApesteguĂa <fernape@FreeBSD.org> AuthorDate: 2022-09-29 05:35:45 +0000 Commit: Fernando ApesteguĂa <fernape@FreeBSD.org> CommitDate: 2022-09-29 05:35:45 +0000 security/vuxml: Document unbound vulnerability PR: 266654 Reported by: Herbert J. Skuhra <herbert@gojira.at> Security: CVE-2022-3204 --- security/vuxml/vuln-2022.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 0a0883f5f590..a01fb2fa89c9 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,42 @@ + <vuln vid="5a1c2e06-3fb7-11ed-a402-b42e991fc52e"> + <topic>unbound -- Non-Responsive Delegation Attack</topic> + <affects> + <package> + <name>unbound</name> + <range><lt>1.16.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p> + A vulnerability named 'Non-Responsive Delegation Attack' + (NRDelegation Attack) has been discovered in various DNS + resolving software. The NRDelegation Attack works by having + a malicious delegation with a considerable number of non + responsive nameservers. The attack starts by querying a + resolver for a record that relies on those unresponsive + nameservers. The attack can cause a resolver to spend a lot + of time/resources resolving records under a malicious + delegation point where a considerable number of unresponsive + NS records reside. It can trigger high CPU usage in some + resolver implementations that continually look in the cache + for resolved NS records in that delegation. + </p> + <blockquote cite="https://www.cvedetails.com/cve/CVE-2022-3204">; + <p>.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-3204</cvename> + <url>https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt</url>; + </references> + <dates> + <discovery>2022-09-26</discovery> + <entry>2022-09-29</entry> + </dates> + </vuln> + <vuln vid="cb902a77-3f43-11ed-9402-901b0e9408dc"> <topic>Matrix clients -- several vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202209290542.28T5gENP081356>