CVE-2009-3602

EPSS 1.6%

unbound - DNSSEC validation

Published: 10/13/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-3602

Description

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

Affected packages (2)

Debian/unboundfrom 0, < 1.3.4-1
Debian/unboundfrom 0, < 1.0.2-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-3602