"Wall, Stephen" <stephen.w...@redcom.com> writes: > This CVE lists unbound 1.19.1 as being vulnerable. This is the > version currently included in 14.0, but there is no Security Advisory > for it. Does this mean that the base system unbound can’t be used in > a way that makes it vulnerable, or is this something that needs to be > addressed?
The base system unbound is meant to be used with a configuration generated by `local-unbound-setup`, which never enables the `ede` option which is a prerequisite for the DoS attack described in CVE-2024-1931. DES (speaking only for himself) -- Dag-Erling Smørgrav - d...@freebsd.org
