Red Hat Security Advisory: unbound security update
Two security vulnerabilities have been identified in the unbound DNS resolver packages used in Red Hat Enterprise Linux 8. The first vulnerability (CVE-2026-42944) is a heap overflow and crash triggered by multiple specific EDNS options. The second vulnerability (CVE-2026-42959) is a denial of service in the DNSSEC validator caused by an incorrect write offset counter in chase-reply messages. Red Hat has issued an important security advisory and released updated packages to address these issues. The vulnerabilities affect multiple architectures including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported. Users are advised to apply the provided security update to remediate these vulnerabilities.
AI Analysis
Technical Summary
The unbound DNS resolver in Red Hat Enterprise Linux 8 contains two vulnerabilities: CVE-2026-42944, a heap overflow and crash caused by processing multiple nsid, cookie, and padding EDNS options; and CVE-2026-42959, a denial of service vulnerability in the DNSSEC validator due to an incorrect write offset counter in chase-reply messages. These issues could lead to service crashes or denial of service conditions. Red Hat has released updated unbound packages to fix these vulnerabilities across supported architectures.
Potential Impact
Successful exploitation of CVE-2026-42944 may cause heap overflow leading to a crash of the unbound DNS resolver service. CVE-2026-42959 can cause denial of service by disrupting the DNSSEC validation process. Both vulnerabilities impact the availability of the DNS resolver service but no evidence of exploitation in the wild has been reported.
Mitigation Recommendations
Red Hat has released updated unbound packages that fix these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2026:24365 and the referenced article https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching of affected systems. Patch status is confirmed by the vendor advisory.
Red Hat Security Advisory: unbound security update
Description
Two security vulnerabilities have been identified in the unbound DNS resolver packages used in Red Hat Enterprise Linux 8. The first vulnerability (CVE-2026-42944) is a heap overflow and crash triggered by multiple specific EDNS options. The second vulnerability (CVE-2026-42959) is a denial of service in the DNSSEC validator caused by an incorrect write offset counter in chase-reply messages. Red Hat has issued an important security advisory and released updated packages to address these issues. The vulnerabilities affect multiple architectures including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported. Users are advised to apply the provided security update to remediate these vulnerabilities.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The unbound DNS resolver in Red Hat Enterprise Linux 8 contains two vulnerabilities: CVE-2026-42944, a heap overflow and crash caused by processing multiple nsid, cookie, and padding EDNS options; and CVE-2026-42959, a denial of service vulnerability in the DNSSEC validator due to an incorrect write offset counter in chase-reply messages. These issues could lead to service crashes or denial of service conditions. Red Hat has released updated unbound packages to fix these vulnerabilities across supported architectures.
Potential Impact
Successful exploitation of CVE-2026-42944 may cause heap overflow leading to a crash of the unbound DNS resolver service. CVE-2026-42959 can cause denial of service by disrupting the DNSSEC validation process. Both vulnerabilities impact the availability of the DNS resolver service but no evidence of exploitation in the wild has been reported.
Mitigation Recommendations
Red Hat has released updated unbound packages that fix these vulnerabilities. Users should apply the security update as described in Red Hat advisory RHSA-2026:24365 and the referenced article https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation requires manual patching of affected systems. Patch status is confirmed by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:24365
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-42959"]
- Cvss Version
- null
Threat ID: 6a27320ee29bf47b509bf305
Added to database: 6/8/2026, 9:20:14 PM
Last enriched: 6/8/2026, 9:22:00 PM
Last updated: 6/9/2026, 12:03:40 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.