INFSA-2025:12064: unbound security update
Information about definition
Identificator: INFSA-2025:12064
Type: security
Release date: 2025-07-31 15:59:51 UTC
Information about package
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Vulnerabilities description
- CVE-2025-5994
A cache poisoning flaw was found in Unbound. Resolvers supporting EDNS Client Subnet (ECS) must segregate outgoing queries to accommodate different outgoing ECS information. This issue reopens resolvers to a birthday paradox attack, known as the Rebirthday Attack, which attempts to match the DNS transaction ID with cache non-ECS poisoned replies.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-5994
|
no information | 7.5 | no information |
Updated packages