CLSA-2026-1779534149

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1779534149

Upstream

Published

2026-05-23T11:02:33Z

Modified

2026-06-01T00:33:14.946853790Z

Summary

unbound: Fix of CVE-2026-33278

Details

CVE-2026-33278: use-after-free in DNSSEC validator dnsmsgdeepcopy_region during NSEC3 sub-query suspend/resume; buggy struct-assignment overwrote the destination's freshly-allocated rrsets pointer with the source's pointer, leaving a dangling pointer dereferenced after the source region was freed (possible remote code execution or crash)

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-5.el8.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779534149.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-5.el8.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779534149.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-5.el8.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779534149.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.16.2-5.el8.tuxcare.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos-stream8els/CLSA-2026-1779534149.json"