An update for unbound is now available for HCE 3.0 Security Advisory hws_security@huawei.com Huawei Cloud HCE3-SA-2025-0143 Final 1.0 1.0 2025-10-09T06:38:18:00Z current version 2025-10-09T06:38:18:00Z 2025-10-09T06:38:18:00Z HCE SA Engine 1.0.0 An update for unbound is now available for HCE 3.0 HCE Security has rated this update as having a security impact of Important.A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Security Fix(es): NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound_x27;s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. (CVE-2022-30698) DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound_x27;s config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. (CVE-2024-43168) NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic. (CVE-2024-8508) A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. (CVE-2024-43167) A multi-vendor cache poisoning vulnerability named _x27;Rebirthday Attack_x27; has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., _x27;--enable-subnet_x27;, AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the _x27;send-client-subnet_x27;, _x27;client-subnet-zone_x27; or _x27;client-subnet-always-forward_x27; options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies. (CVE-2025-5994) This document is provided on an "AS IS" basis and does not implyany kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no eventshall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by any means, is totally at your own risk. Huawei is entitled to amend or update this document from time to time. The information and data embodied in this document and any attachment are strictly confidential information of Huawei and are supplied on the understanding that they will be held confidentially and not disclosed to third parties without the prior written consent of Huawei. Use all reasonable efforts to protect the confidentiality of information. In particular, do not directly or indirectly disclose, allow access to, transmit or transfer information to a third party without our prior written consent. Thank you for your co-operation. Receipt of this security advisory shall be deemed as your consent of the terms and conditions above. Huawei Cloud EulerOS 3.0 unbound This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30698 CVE-2022-30698 HCE 3.0:unbound-1.17.1-10.r3.hce3 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30698 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43168 CVE-2024-43168 HCE 3.0:unbound-1.17.1-10.r3.hce3 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43168 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-8508 CVE-2024-8508 HCE 3.0:unbound-1.17.1-10.r3.hce3 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-8508 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43167 CVE-2024-43167 HCE 3.0:unbound-1.17.1-10.r3.hce3 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43167 2.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L This vulnerability can be exploited only when the following conditions are present: None Vulnerability details: For technical details, customers are advised to reference the website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-5994 CVE-2025-5994 HCE 3.0:unbound-1.17.1-10.r3.hce3 For technical details, customers are advised to referencethe website: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-5994 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N