CVE-2026-32792

MEDIUM EPSS 25.5%
Published May 20, 20261mo ago · Modified Jun 17, 20261w ago
4.6 CVSS 4.0
Medium
Find Similar
Published May 20, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

CVSS Details

Base Score
4.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
25.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read Memory Safety
CWE-166

Affected Products 1

VendorProductVersionRange
nlnetlabsunbound*≥1.6.2  –  <1.25.1

References 1

  • nlnetlabs.nl https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt
    MitigationVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.