Copyright © 2012 Red Hat, Inc. All rights reserved. Important 2026-05-20T11:33:22 unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

A flaw was found in Unbound, a Domain Name System (DNS) resolver. A remote attacker could trigger a heap overflow by sending specially crafted DNS reply packets. This occurs when Unbound attempts to encode multiple Name Server Identifier (NSID) or Extension Mechanisms for DNS (EDNS) Cookie options, or EDNS Padding options, and these options are enabled. Successful exploitation of this vulnerability could lead to a denial of service (DoS), making the Unbound service unavailable.

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. Red Hat Hardened Images 2026-05-20T00:00:00Z RHSA-2026:19752 unbound-main-1.25.1-0.1.hum1 Red Hat Enterprise Linux 10 Affected unbound Red Hat Enterprise Linux 6 Will not fix unbound Red Hat Enterprise Linux 7 Affected unbound Red Hat Enterprise Linux 8 Affected unbound Red Hat Enterprise Linux 9 Affected unbound Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-42944 https://nvd.nist.gov/vuln/detail/CVE-2026-42944