CLSA-2026-1779533909

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779533909

Upstream

Published

2026-05-23T10:58:33Z

Modified

2026-06-01T00:32:34.799323795Z

Summary

unbound: Fix of 3 CVEs

Details

CVE-2026-33278: dangling pointer dereference in dnsmsgdeepcopyregion() during DS sub-query suspend/resume; the previously-backported CVE-2023-50387-CVE-2023-50868.patch dragged the vulnerable '*res->rep = *origin->rep;' struct-assignment into our 1.16.2 tree. Save the destination rrsets pointer, sized-memcpy with rrsetref excluded, restore the pointer. Adds defense-in-depth paramsetsame() NSEC3 parameter consistency check called from all five nsec3prove* entry points.

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-3.el9_2.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-3.el9_2.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-3.el9_2.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-3.el9_2.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1779533909.json"