Headline
RHSA-2022:8062: Red Hat Security Advisory: unbound security, bug fix, and enhancement update
An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-30698: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
- CVE-2022-30699: unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8062 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: unbound security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for unbound is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
The following packages have been upgraded to a later upstream version: unbound (1.16.2). (BZ#2087120)
Security Fix(es):
- unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30698)
- unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names (CVE-2022-30699)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 1981415 - unbound: don’t use deprecated functions in OpenSSL 3.0
- BZ - 2056116 - unbound-devel is not available on Centos 9 Stream
- BZ - 2071543 - Unbound fails resolution of any SHA-1 signed domain [rhel-9.1.0]
- BZ - 2071943 - failing devel man pages for rhel 9
- BZ - 2079548 - [unbound: FIPS mode] does not resolve ED25519 and ED448
- BZ - 2087120 - [rebase] Rebase to 1.16.0
- BZ - 2094336 - unbound-keygen needs to be stoped
- BZ - 2116725 - CVE-2022-30698 unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
- BZ - 2116729 - CVE-2022-30699 unbound: novel ghost domain attack that allows attackers to trigger continued resolvability of malicious domain names
- BZ - 2116802 - unbound-keygen requires openssl [rhel9]
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
unbound-1.16.2-2.el9.src.rpm
SHA-256: f94b97acc052ef1f60b22d22400537bb967593c77dbc9a06d56268d09db6c96b
x86_64
python3-unbound-1.16.2-2.el9.x86_64.rpm
SHA-256: 24769aca7c2431c0a2b79b3fb6c33beef0ce292f135c954d4fb1fba50d772869
python3-unbound-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: f7c6ceedac264a1cf4986e489745c082b31a96adf90ef71556f23872cf9a3e6b
python3-unbound-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: fd3eafad3781c0497315c3d65d3d34a29e28e41d1aa1860e847556c3a1d28445
unbound-1.16.2-2.el9.x86_64.rpm
SHA-256: 72101a254925837824f942788082daf20d91c31e1139d8a53dcab6dab30c2d64
unbound-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: c22035089506ea3c31610b9ea469918e2b591126b9a94f25c017ae2676116f3f
unbound-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: a02224d9ee3d93e6e2ed7eb8b0c31cc9143e7e536e2acd868401d2a1b64a3975
unbound-debugsource-1.16.2-2.el9.i686.rpm
SHA-256: 79b2cc946ebd1e24423a3f3023866e6003cbdf22d607e7a7b3f83bf44504e2bb
unbound-debugsource-1.16.2-2.el9.x86_64.rpm
SHA-256: c01cad3496488397ddaf3ef64b4cc64bd35404001fb3f2d1ffdcdc0596168151
unbound-libs-1.16.2-2.el9.i686.rpm
SHA-256: 88eb49215b26d7df6c4701e0ee9c031c4e738bd4bc70d45b9ff06da0c92b3172
unbound-libs-1.16.2-2.el9.x86_64.rpm
SHA-256: 3c52563ef6ba99cd8806b2fde878357f1c9ce092a098a85086e9bc39054cb54e
unbound-libs-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: 262ad9320853578c4d394665513dfff0aa2b753d85fa144af1a14035a2149baa
unbound-libs-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: 628d80f11be68767eba1cd1dba2832286de19864ad31e4577f461ee872c43721
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
unbound-1.16.2-2.el9.src.rpm
SHA-256: f94b97acc052ef1f60b22d22400537bb967593c77dbc9a06d56268d09db6c96b
s390x
python3-unbound-1.16.2-2.el9.s390x.rpm
SHA-256: c446b929c90dad7737ffe7091e3b3b891b33f07a6265dd6cbc4e5a0ed6b11ea7
python3-unbound-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: 7cea16a83830f4e423e12c171335ff65296f0e01cdf5bca802574a52aa7b304d
unbound-1.16.2-2.el9.s390x.rpm
SHA-256: cc0025fb80590c2ff33c44c54c98b2a7fb7edc26be030c1fb31e05eb6febcba6
unbound-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: bf0148ee9cdd5d91f580173a8d8e6835f2e8cc5727cd99e28d999dd25e554539
unbound-debugsource-1.16.2-2.el9.s390x.rpm
SHA-256: cc25c416676add5f383f017957f9dbf2b3fea5334d4050e807a6758727e326fa
unbound-libs-1.16.2-2.el9.s390x.rpm
SHA-256: e4cf0197f84e28a41153744e95a582c7168589b4e44dfb89572b73aa3acb129b
unbound-libs-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: b329b0780a02c4939d8a9080e1290db8d29c2559fb67e22030ceda373a74d0be
Red Hat Enterprise Linux for Power, little endian 9
SRPM
unbound-1.16.2-2.el9.src.rpm
SHA-256: f94b97acc052ef1f60b22d22400537bb967593c77dbc9a06d56268d09db6c96b
ppc64le
python3-unbound-1.16.2-2.el9.ppc64le.rpm
SHA-256: 7cc429039cd0b2cde100bc4187ef768c92101a8cd46ffd783c424009478439da
python3-unbound-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: c6df0170f768313433b5c7edc0de45aa7c374257909551092c7b0f0012aba141
unbound-1.16.2-2.el9.ppc64le.rpm
SHA-256: cc9fef3fc81be9b03ddd5436198c89151fc91b20a3cac4025d2a5ab5d2fab2f2
unbound-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: aecdea75dbbeed4303e4cb106ec1a20c03dc3805122997d79ea5cbccbda04400
unbound-debugsource-1.16.2-2.el9.ppc64le.rpm
SHA-256: 5d4e4c32baf14227d80001b3bed566e260290298774e765fa59a793462446e24
unbound-libs-1.16.2-2.el9.ppc64le.rpm
SHA-256: e61f797e3cd92e97255fe968344b5ba98490c6eec75293aea389dc8dd0e6bf19
unbound-libs-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: cdbcc0d8b2a97cea1f2604027ad2f0256602cc5d766b914a35abe979311f1af5
Red Hat Enterprise Linux for ARM 64 9
SRPM
unbound-1.16.2-2.el9.src.rpm
SHA-256: f94b97acc052ef1f60b22d22400537bb967593c77dbc9a06d56268d09db6c96b
aarch64
python3-unbound-1.16.2-2.el9.aarch64.rpm
SHA-256: 99d09da8fa7a6672790fb245781be76bf7b93c4447fd6f7ae617573a4090aaf8
python3-unbound-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: e46f449ce4e2beb84bb63e5d611568be9830d42c4122feb4631b353767413860
unbound-1.16.2-2.el9.aarch64.rpm
SHA-256: 796295e364105385585dd7b6166c1a8568dbc80046c99249465d298693875784
unbound-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: be127f252fe0204d4324deba550bb5e97c0972082b9012fb9e11823f4193654e
unbound-debugsource-1.16.2-2.el9.aarch64.rpm
SHA-256: a72bf32ae9eac268f1eabcda2e4b19c9074f3e036050c7f7d25b9f75d9f487cd
unbound-libs-1.16.2-2.el9.aarch64.rpm
SHA-256: d2698c06a645bd10567a29d9604b0a4dad6569a93b2fb27f474edefa49be4eaf
unbound-libs-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: 306a5f8c3331a06d435aa865718efbdb90644987ada962a18fc7f6482020308d
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
python3-unbound-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: f7c6ceedac264a1cf4986e489745c082b31a96adf90ef71556f23872cf9a3e6b
python3-unbound-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: fd3eafad3781c0497315c3d65d3d34a29e28e41d1aa1860e847556c3a1d28445
unbound-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: c22035089506ea3c31610b9ea469918e2b591126b9a94f25c017ae2676116f3f
unbound-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: a02224d9ee3d93e6e2ed7eb8b0c31cc9143e7e536e2acd868401d2a1b64a3975
unbound-debugsource-1.16.2-2.el9.i686.rpm
SHA-256: 79b2cc946ebd1e24423a3f3023866e6003cbdf22d607e7a7b3f83bf44504e2bb
unbound-debugsource-1.16.2-2.el9.x86_64.rpm
SHA-256: c01cad3496488397ddaf3ef64b4cc64bd35404001fb3f2d1ffdcdc0596168151
unbound-devel-1.16.2-2.el9.i686.rpm
SHA-256: 9743881400111ead02ff6039aff2a402203d1b7a70db9a61d8c479091c2d6870
unbound-devel-1.16.2-2.el9.x86_64.rpm
SHA-256: 9ecad0796b42d68cb49397331d91523114f12edee86dc901288195205c69ceb6
unbound-libs-debuginfo-1.16.2-2.el9.i686.rpm
SHA-256: 262ad9320853578c4d394665513dfff0aa2b753d85fa144af1a14035a2149baa
unbound-libs-debuginfo-1.16.2-2.el9.x86_64.rpm
SHA-256: 628d80f11be68767eba1cd1dba2832286de19864ad31e4577f461ee872c43721
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
python3-unbound-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: c6df0170f768313433b5c7edc0de45aa7c374257909551092c7b0f0012aba141
unbound-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: aecdea75dbbeed4303e4cb106ec1a20c03dc3805122997d79ea5cbccbda04400
unbound-debugsource-1.16.2-2.el9.ppc64le.rpm
SHA-256: 5d4e4c32baf14227d80001b3bed566e260290298774e765fa59a793462446e24
unbound-devel-1.16.2-2.el9.ppc64le.rpm
SHA-256: 8effad981ece7629ad19a1b840a73f1384960db3863863f51cd22cacd566360f
unbound-libs-debuginfo-1.16.2-2.el9.ppc64le.rpm
SHA-256: cdbcc0d8b2a97cea1f2604027ad2f0256602cc5d766b914a35abe979311f1af5
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
python3-unbound-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: e46f449ce4e2beb84bb63e5d611568be9830d42c4122feb4631b353767413860
unbound-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: be127f252fe0204d4324deba550bb5e97c0972082b9012fb9e11823f4193654e
unbound-debugsource-1.16.2-2.el9.aarch64.rpm
SHA-256: a72bf32ae9eac268f1eabcda2e4b19c9074f3e036050c7f7d25b9f75d9f487cd
unbound-devel-1.16.2-2.el9.aarch64.rpm
SHA-256: 25b29744827d82090a6ac029118ef8b78f89244991ac8fcea0934138b2ecaed8
unbound-libs-debuginfo-1.16.2-2.el9.aarch64.rpm
SHA-256: 306a5f8c3331a06d435aa865718efbdb90644987ada962a18fc7f6482020308d
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
python3-unbound-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: 7cea16a83830f4e423e12c171335ff65296f0e01cdf5bca802574a52aa7b304d
unbound-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: bf0148ee9cdd5d91f580173a8d8e6835f2e8cc5727cd99e28d999dd25e554539
unbound-debugsource-1.16.2-2.el9.s390x.rpm
SHA-256: cc25c416676add5f383f017957f9dbf2b3fea5334d4050e807a6758727e326fa
unbound-devel-1.16.2-2.el9.s390x.rpm
SHA-256: 58200e4afeb23a59e257e3ee3f1e47ae1ca3815e287ce7d3d0bfbc4c4cf5317b
unbound-libs-debuginfo-1.16.2-2.el9.s390x.rpm
SHA-256: b329b0780a02c4939d8a9080e1290db8d29c2559fb67e22030ceda373a74d0be
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2024-2045-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.
Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...
Gentoo Linux Security Advisory 202212-2 - Multiple vulnerabilities have been discovered in Unbound, the worst of which could result in denial of service. Versions less than 1.16.3 are affected.
Red Hat Security Advisory 2022-8750-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.11.1 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caus...
Red Hat Security Advisory 2022-8062-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Red Hat Security Advisory 2022-7622-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Red Hat Security Advisory 2022-7622-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30698: unbound: the novel ghost domain where malicious users to trigger continued resolvability of malicious domain names * CVE-2022-30699: unbound: novel ghost domain attack where malicious users to trigger continued resolvability of malicious domain names
An update for unbound is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30698: unbound: the novel ghost domain where malicious users to trigger continued resolvability of malicious domain names * CVE-2022-30699: unbound: novel ghost domain attack where malicious users to trigger continued resolvability of malicious domain names
Ubuntu Security Notice 5569-1 - Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked.
Ubuntu Security Notice 5569-1 - Xiang Li discovered that Unbound incorrectly handled delegation caching. A remote attacker could use this issue to keep rogue domain names resolvable long after they have been revoked.
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.