Unbound 1.25.1
This release has a number of security fixes.
The release is signed with the OpenPGP software signing key that has
been in use since Jan 1st 2026:
User ID: NLnet Labs releases signing key G2 <releases@nlnetlabs.nl>
Key ID: A144 323D EAAC DF45
Fingerprint: 2310 1869 0C4D 903E F419 146A A144 323D EAAC DF45
The key is available from https://nlnetlabs.nl/signing-keys .
This release consolidates security fixes for issues reported over
a period of time. There are fixes for CVE-2026-33278,
CVE-2026-42944, CVE-2026-42959, CVE-2026-32792, CVE-2026-40622,
CVE-2026-41292, CVE-2026-42534, CVE-2026-42923, CVE-2026-42960,
CVE-2026-44390 and CVE-2026-44608.
Bug Fixes
- Fix CVE-2026-33278, Possible remote code execution during DNSSEC
  validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-42944, Heap overflow and crash with multiple nsid,
  cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
- Fix CVE-2026-42959, Crash during DNSSEC validation of malicious
  content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew
  Griffiths from 'calif.io' for the report.
- Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan
  Zhang, Palo Alto Networks, for the report.
- Fix CVE-2026-41292, Parsing a long list of incoming EDNS options
  degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan
  Zhang from Palo Alto Networks, for the report.
- Fix CVE-2026-42534, Jostle logic bypass degrades resolution
  performance. Thanks to Qifan Zhang, Palo Alto Networks, for the
  report.
- Fix CVE-2026-42923, Degradation of service with unbounded NSEC3
  hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for
  the report.
- Fix CVE-2026-42960, Possible cache poisoning attack while following
  delegation. Thanks to TaoFei Guo from Peking University, Yang Luo
  and JianJun Chen, Tsinghua University, for the report.
- Fix CVE-2026-44390, Unbounded name compression in certain cases
  causes degradation of service. Thanks to Qifan Zhang, Palo Alto
  Networks, for the report.
- Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks
  to Qifan Zhang, Palo Alto Networks, for the report.