Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

NLnet Labs — Vulnerabilities & Security Advisories 31

Browse all 31 CVE security advisories affecting NLnet Labs. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NLnet Labs operates as a non-profit research organization primarily focused on developing open-source software for the Domain Name System (DNS) and internet infrastructure. Its most prominent contribution is Unbound, a validating, recursive, and caching DNS resolver widely deployed for its emphasis on security and privacy. Historically, vulnerabilities associated with its software have predominantly involved memory corruption issues, such as buffer overflows and use-after-free errors, rather than application-layer flaws like cross-site scripting. These defects typically stem from low-level C code implementation details. While no catastrophic, widespread breaches have defined its public history, the presence of twenty recorded CVEs indicates ongoing challenges in maintaining strict memory safety within complex network protocols. The organization generally addresses these findings through prompt patches, reflecting a standard open-source maintenance lifecycle where technical rigor in cryptographic and network logic is prioritized over commercial feature expansion.

Found 20 results / 31Clear Filters
Top products by NLnet Labs: unbound Routinator Krill bcder
CVE IDTitleCVSSSeverityPublished
CVE-2026-44608 Use after free and crash under special conditions in RPZ code — UnboundCWE-413--2026-05-20
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service — UnboundCWE-407--2026-05-20
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section — UnboundCWE-349--2026-05-20
CVE-2026-42959 Crash during DNSSEC validation of malicious content — UnboundCWE-824--2026-05-20
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options — UnboundCWE-197--2026-05-20
CVE-2026-42923 Degradation of service with unbounded NSEC3 hash calculations — UnboundCWE-407--2026-05-20
CVE-2026-42534 Jostle logic bypass degrades resolution performance — UnboundCWE-440--2026-05-20
CVE-2026-41292 Long list of incoming EDNS options degrades performance — UnboundCWE-407--2026-05-20
CVE-2026-40622 Another 'ghost domain names' attack variant — Unbound--2026-05-20
CVE-2026-33278 Possible arbitrary code execution during DNSSEC validation — UnboundCWE-416--2026-05-20
CVE-2026-32792 Packet of death with DNSCrypt — UnboundCWE-166--2026-05-20
CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section — UnboundCWE-349 7.5AIHighAI2025-10-22
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack — UnboundCWE-349 5.3 -2025-07-16
CVE-2024-8508 Unbounded name compression could lead to Denial of Service — UnboundCWE-606 5.3 Medium2024-10-03
CVE-2024-1931 Denial of service when trimming EDE text on positive replies — UnboundCWE-835 7.5 High2024-03-07
CVE-2022-3204 NRDelegation Attack — Unbound 7.5 -2022-09-26
CVE-2022-30699 Novel "ghost domain names" attack by updating almost expired delegation information — Unbound 6.5 -2022-08-01
CVE-2022-30698 Novel "ghost domain names" attack by introducing subdomain delegations — Unbound 6.5 -2022-08-01
CVE-2020-28935 Local symlink attack in Unbound and NSD — UnboundCWE-59 7.8 -2020-12-07
CVE-2017-15105 Unbound 安全漏洞 — unboundCWE-358 5.3 -2018-01-23

This page lists every published CVE security advisory associated with NLnet Labs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.