Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2022-30699

Published: 1 August 2022

NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.

Notes

AuthorNote
mdeslaur
same commit as CVE-2022-30698

Priority

Medium

Cvss 3 Severity Score

6.5

Score breakdown

Status

Package Release Status
unbound
Launchpad, Ubuntu, Debian
focal
Released (1.9.4-2ubuntu1.3)
jammy
Released (1.13.1-1ubuntu5.1)
trusty Needed

xenial Needed

upstream
Released (1.16.2)
bionic
Released (1.6.7-1ubuntu2.5)
kinetic
Released (1.16.2-1)
lunar
Released (1.16.2-1)
Patches:
upstream: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2)

Severity score breakdown

Parameter Value
Base score 6.5
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N