Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-32792

Summary
Assigner-NLnet Labs
Assigner Org ID-206fc3a0-e175-490b-9eaa-a5738056c9f6
Published At-20 May, 2026 | 09:17
Updated At-20 May, 2026 | 12:16
Rejected At-
Credits

Packet of death with DNSCrypt

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NLnet Labs
Assigner Org ID:206fc3a0-e175-490b-9eaa-a5738056c9f6
Published At:20 May, 2026 | 09:17
Updated At:20 May, 2026 | 12:16
Rejected At:
â–¼CVE Numbering Authority (CNA)
Packet of death with DNSCrypt

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

Affected Products
Vendor
NLnet Labs
Product
Unbound
Default Status
unaffected
Versions
Affected
  • From 1.6.2 before 1.25.1 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-166CWE-166: Improper Handling of Missing Special Element
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-166
Description: CWE-166: Improper Handling of Missing Special Element
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
4.04.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This issue is fixed starting with version 1.25.1

Configurations
Workarounds
Exploits
Credits
finder
Andrew Griffiths (calif.io)
Timeline
EventDate
Issue reported by Andrew Griffiths2026-04-16 00:00:00
NLnet Labs shares patch2026-04-17 00:00:00
Andrew Griffiths verifies patch2026-04-18 00:00:00
Fixes released with version 1.25.12026-05-20 00:00:00
Event: Issue reported by Andrew Griffiths
Date: 2026-04-16 00:00:00
Event: NLnet Labs shares patch
Date: 2026-04-17 00:00:00
Event: Andrew Griffiths verifies patch
Date: 2026-04-18 00:00:00
Event: Fixes released with version 1.25.1
Date: 2026-05-20 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt
vendor-advisory
Hyperlink: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt
Resource:
vendor-advisory
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:sep@nlnetlabs.nl
Published At:20 May, 2026 | 10:16
Updated At:20 May, 2026 | 22:44

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit the vulnerability with a single bad DNSCrypt query that its decrypted plaintext consists entirely of '0x00' bytes and does not contain the expected '0x80' marker. Unbound would then start reading more bytes than necessary until it finds a non-'0x00' byte. Based on the underlying memory allocator and the memory layout, it could lead to heap overflow while reading followed by a crash. Likelihood of a crash is low, since it relies heavily on the underlying memory allocator and the memory layout. If the heap overflow does not happen, Unbound's later packet checks will deny the packet. Unbound 1.25.1 contains a patch with a fix to bound reading in the given buffer space.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.04.6MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Type: Secondary
Version: 4.0
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPE Matches
nlnetlabs
nlnetlabs
>>unbound>>Versions from 1.6.2(inclusive) to 1.25.1(exclusive)
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Secondarysep@nlnetlabs.nl
CWE-166Secondarysep@nlnetlabs.nl
CWE ID: CWE-125
Type: Secondary
Source: sep@nlnetlabs.nl
CWE ID: CWE-166
Type: Secondary
Source: sep@nlnetlabs.nl
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txtsep@nlnetlabs.nl
Mitigation
Vendor Advisory
Hyperlink: https://www.nlnetlabs.nl/downloads/unbound/CVE-2026-32792.txt
Source: sep@nlnetlabs.nl
Resource:
Mitigation
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2024-39695
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.54%
||
7 Day CHG~0.00%
Published-08 Jul, 2024 | 15:14
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Exiv2 has an out-of-bounds read in AsfVideo::streamProperties

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.

Action-Not Available
Vendor-Exiv2
Product-exiv2exiv2exiv2
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-20766
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.28% / 51.42%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 15:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter firmware Cisco Discovery Protocol Denial of Service Vulnerability

A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Analog Telephone Adaptor (ATA) Softwareata_190_firmware
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-45682
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 6.54%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 23:27
Updated-12 Sep, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Wild address read in vorbis_decode_packet_rest in stb_vorbis

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.

Action-Not Available
Vendor-nothingsnothingsnothings
Product-stb_vorbis.cstbstb
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-40575
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.04%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 21:34
Updated-13 Feb, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-Of-Bounds Read in FreeRDP

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-FreeRDP
Product-freerdpFreeRDP
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-33383
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 68.74%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 00:00
Updated-17 Oct, 2024 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.

Action-Not Available
Vendor-shellyn/ashelly
Product-pro_4pmpro_4pm_firmwaren/apro_4pm
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-1819
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-3.7||LOW
EPSS-0.08% / 23.82%
||
7 Day CHG~0.00%
Published-27 Dec, 2024 | 10:05
Updated-10 Jan, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-secospace_usg6300_firmwaresecospace_usg6600_firmwarenip6800usg6000vngfw_modulengfw_module_firmwareips_module_firmwaresecospace_usg6300secospace_usg6500ips_modulenip6600_firmwareusg6000v_firmwarenip6300secospace_usg6500_firmwarenip6800_firmwarenip6600nip6300_firmwaresecospace_usg6600Secospace USG6600USG6000VNIP6600NGFW ModuleNIP6300Secospace USG6300Secospace USG6500NIP6800IPS Module
CWE ID-CWE-125
Out-of-bounds Read
  • Previous
  • 1
  • 2
  • Next
Details not found