Test ID:	1.3.6.1.4.1.25623.1.0.148791
Category:	Denial of Service
Title:	Unbound DNS Resolver < 1.16.3 DoS Vulnerability
Summary:	Unbound DNS Resolver is prone to a denial of service (DoS); vulnerability 'Non-Responsive Delegation Attack' (NRDelegation Attack).
Description:	Summary: Unbound DNS Resolver is prone to a denial of service (DoS) vulnerability 'Non-Responsive Delegation Attack' (NRDelegation Attack). Vulnerability Insight: The NRDelegation Attack can exploit resolvers by having a malicious delegation with a considerable number of non responsive nameservers. It can trigger high CPU usage in some resolver implementations that continually look in the cache for resolved NS records in that delegation. This can lead to degraded performance and eventually denial of service in orchestrated attacks. Affected Software/OS: Unbound DNS Resolver version 1.16.2 and prior. Solution: Update to version 1.16.3 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3204 https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3G2HS6CYPSIGAKO6QLEZPG3RD6AMPB7B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35QGS5FBQTG3DBSK7QV67PA64P24ABHY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4S4EU6DMJXQFMAIE6SLAH4H5RNRU6VQL/ https://security.gentoo.org/glsa/202212-02 https://lists.debian.org/debian-lts-announce/2023/03/msg00024.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.