Two DNSSEC validation vulnerabilities have been discovered in Unbound: CVE-2023-50387 (referred here as the KeyTrap vulnerability) and CVE-2023-50868 (referred here as the NSEC3 vulnerability). == Summary === CVE-2023-50387 Unbound prior to 1.19.1, could be lead down a very CPU intensive and time costly DNSSEC validation path. This could lead to Denial of Service in trivially orchestrated attacks while validating DNSSEC responses. === CVE-2023-50868 Unbound prior to 1.19.1, could be lead down a very CPU intensive and time costly NSEC3 hash calculation path. This could lead to Denial of Service in trivially orchestrated attacks while validating DNSSEC responses. == Affected products Unbound up to and including 1.19.0 == Description === CVE-2023-50387 The vulnerability works by targeting an Unbound instance. Unbound is queried for a malicious DNSSEC domain. The malicious nameserver returns specially crafted DNSSEC responses that use a combination of keys, signatures and RRSETs that lead Unbound down a very CPU intensive and time costly DNSSEC validation path. Unbound needs to spend an enormous time (comparative to regular traffic) validating a single specially crafted DNSSEC response while everything else is on hold for that thread. From version 1.19.1 on, Unbound introduces suspension on DNSSEC response validations that seem to require more attempts than Unbound is willing to make per response validation run. Suspension means that Unbound will continue with other work before resuming a suspended validation offering CPU time between validation resumptions to other tasks. === CVE-2023-50868 The vulnerability works by targeting an Unbound instance. Unbound is queried for a malicious DNSSEC domain. The malicious nameserver returns specially crafted DNSSEC responses that use multiple NSEC3 RRSETs that lead Unbound down a very CPU intensive and time costly NSEC3 hash calculation path. Unbound needs to spend an enormous time (comparative to regular traffic) validating a single specially crafted DNSSEC response while everything else is on hold for that thread. From version 1.19.1 on, Unbound introduces suspension on DNSSEC response validations that seem to require more attempts than Unbound is willing to make per response validation run. Suspension means that Unbound will continue with other work before resuming a suspended validation offering CPU time between validation resumptions to other tasks. == Solution Install Unbound version 1.19.1 or later. == Acknowledgments We would like to thank Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner from the German National Research Center for Applied Cybersecurity ATHENE for discovering and responsibly disclosing the KeyTrap vulnerability. We would like to thank Petr Å paÄek from ISC for discovering and responsibly disclosing the NSEC3 vulnerability.