MNBSD-2026-46: heap overflow and crash with multiple nsid, cookie, padding EDNS options

Severity: Unknown

Affected Package: unbound

Summary: heap overflow and crash with multiple nsid, cookie, padding EDNS options

Description

Processing messages with multiple nsid, cookie, and padding EDNS options can cause a heap overflow and crash. Reported by Qifan Zhang, Palo Alto Networks.

Affected Versions

unbound

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-42944

Published: June 11, 2026
Last Modified: June 11, 2026