{
  "threat_severity" : "Moderate",
  "public_date" : "2026-05-26T03:43:23Z",
  "bugzilla" : {
    "description" : "unbound: Packet of death with DNSCrypt",
    "id" : "2479779",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2479779"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "details" : [ "NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.", "A flaw was found in Unbound. A remote attacker can exploit this vulnerability by sending a specially crafted DNSCrypt query. This malicious query, when processed, causes Unbound to read beyond its allocated memory, leading to a heap overflow. This can result in a denial of service (DoS) by crashing the Unbound service." ],
  "statement" : "This Moderate impact denial of service vulnerability affects Unbound instances compiled with DNSCrypt support. A specially crafted DNSCrypt query could lead to a heap overflow and service crash. However, the likelihood of a crash is low due to reliance on specific memory layouts and subsequent packet checks that may prevent successful exploitation.",
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-05-23T00:00:00Z",
    "advisory" : "RHSA-2026:20357",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "unbound-main-1.25.1-1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Fix deferred",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Fix deferred",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Fix deferred",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-32792\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32792" ],
  "name" : "CVE-2026-32792",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}