Two DNSSEC validation vulnerabilities have been discovered in Unbound:
CVE-2023-50387 (referred to here as the KeyTrap vulnerability) and
CVE-2023-50868 (referred to here as the NSEC3 vulnerability).

== Summary
=== CVE-2023-50387
Unbound prior to 1.19.1 could be led down a very CPU intensive and time
costly DNSSEC validation path. This allows a Denial of Service through
trivially orchestrated attacks against a resolver that validates DNSSEC
responses.

=== CVE-2023-50868
Unbound prior to 1.19.1 could be led down a very CPU intensive and time
costly NSEC3 hash calculation path. This allows a Denial of Service through
trivially orchestrated attacks against a resolver that validates DNSSEC
responses.

== Affected products
Unbound up to and including 1.19.0

== Description
=== CVE-2023-50387
The attack targets a validating Unbound instance. An attacker causes Unbound
to query a domain under the attacker's control. The malicious nameserver
returns specially crafted DNSSEC responses whose combination of keys,
signatures and RRsets leads Unbound down a very CPU intensive and time costly
DNSSEC validation path. Unbound then spends an enormous amount of time
(compared to regular traffic) validating a single specially crafted DNSSEC
response, while all other work on that thread is on hold.

From version 1.19.1 on, Unbound suspends DNSSEC response validations that
appear to need more verification attempts than Unbound is willing to make in
one validation run. A suspended validation is resumed later; in between,
Unbound continues with other work, so CPU time is shared between validation
resumptions and the rest of the resolver's tasks.
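The following Python model is an added example, not Unbound's code, written to show why the validation path above is expensive and how suspension changes the picture. It assumes the crafted-input shape described in the public KeyTrap analysis: many DNSKEYs that share one key tag and algorithm, many RRSIGs that point at that tag, and no pair that verifies, so a validator that follows RFC 4035 section 5.3.1 tries every (RRSIG, DNSKEY) pair. The `DNSKEY`/`RRSIG` classes, `validate_rrset`, `validate_rrset_suspending`, `run_interleaved` and the constructed responses are illustrative names and inputs; the public-key operation is replaced by a set lookup.

```python
"""Model of DNSSEC RRset validation work (added example, not Unbound code)."""
from dataclasses import dataclass
from typing import Callable, Iterator, List, Sequence, Set, Tuple


@dataclass(frozen=True)
class DNSKEY:
    key_tag: int    # RFC 4034 key tag: a 16-bit hint, so collisions are easy to craft
    algorithm: int
    key_id: int     # model-only identifier for the key material


@dataclass(frozen=True)
class RRSIG:
    key_tag: int    # key tag the signer claims to have used
    algorithm: int
    sig_id: int     # model-only identifier for the signature bytes


Verifier = Callable[[RRSIG, DNSKEY], bool]


def candidate_keys(sig: RRSIG, dnskeys: Sequence[DNSKEY]) -> List[DNSKEY]:
    """Keys a validator has to try for one RRSIG: matching key tag and
    algorithm (RFC 4035 section 5.3.1). The tag does not identify a key uniquely."""
    return [k for k in dnskeys if k.key_tag == sig.key_tag and k.algorithm == sig.algorithm]


def validate_rrset(rrsigs: Sequence[RRSIG], dnskeys: Sequence[DNSKEY],
                   verify: Verifier) -> Tuple[bool, int]:
    """Pre-1.19.1 shape of the loop: try every (RRSIG, DNSKEY) pair until one
    verifies, with no bound on the work. Returns (verified, attempts)."""
    attempts = 0
    for sig in rrsigs:
        for key in candidate_keys(sig, dnskeys):
            attempts += 1
            if verify(sig, key):
                return True, attempts
    return False, attempts


def validate_rrset_suspending(rrsigs: Sequence[RRSIG], dnskeys: Sequence[DNSKEY],
                              verify: Verifier, attempts_per_run: int) -> Iterator[None]:
    """Same loop, but yields control after every attempts_per_run failed
    verifications (the suspension idea of 1.19.1, modelled here as a generator).
    The generator's return value is (verified, attempts)."""
    attempts = 0
    for sig in rrsigs:
        for key in candidate_keys(sig, dnskeys):
            attempts += 1
            if verify(sig, key):
                return True, attempts
            if attempts % attempts_per_run == 0:
                yield  # suspended: the caller serves other work before resuming
    return False, attempts


def run_interleaved(jobs: Sequence[Iterator[None]]) -> List[Tuple[int, Tuple[bool, int]]]:
    """Toy event loop: round-robins suspending validations and records the
    order in which they complete, as (job index, (verified, attempts))."""
    finished = []
    active = list(enumerate(jobs))
    while active:
        for job in list(active):
            idx, gen = job
            try:
                next(gen)  # runs at most attempts_per_run verifications
            except StopIteration as done:
                finished.append((idx, done.value))
                active.remove(job)
    return finished


def crafted_response(n_keys: int, n_sigs: int):
    """Constructed KeyTrap-style input: every DNSKEY shares one key tag and
    algorithm, every RRSIG points at that tag, and no pair verifies."""
    dnskeys = [DNSKEY(key_tag=0x1234, algorithm=13, key_id=i) for i in range(n_keys)]
    rrsigs = [RRSIG(key_tag=0x1234, algorithm=13, sig_id=i) for i in range(n_sigs)]
    return rrsigs, dnskeys, set()


def normal_response():
    """Constructed benign input: one key and one signature that verifies."""
    return [RRSIG(0x5678, 13, 0)], [DNSKEY(0x5678, 13, 0)], {(0, 0)}


def make_verifier(valid_pairs: Set[Tuple[int, int]]) -> Verifier:
    """Stand-in for the expensive public-key operation: a lookup in the set of
    (sig_id, key_id) pairs that count as correct in this model."""
    return lambda sig, key: (sig.sig_id, key.key_id) in valid_pairs


if __name__ == "__main__":
    sigs, keys, valid = crafted_response(n_keys=16, n_sigs=16)
    ok, attempts = validate_rrset(sigs, keys, make_verifier(valid))
    print(f"crafted: verified={ok} after {attempts} signature checks")
    sigs2, keys2, valid2 = normal_response()
    jobs = [
        validate_rrset_suspending(sigs, keys, make_verifier(valid), attempts_per_run=8),
        validate_rrset_suspending(sigs2, keys2, make_verifier(valid2), attempts_per_run=8),
    ]
    for idx, result in run_interleaved(jobs):
        print(f"job {idx} finished: {result}")
```

With 16 colliding keys and 16 signatures the unbounded loop performs 256 verification attempts before giving up; in a real resolver each attempt is a public-key operation, and the attacker controls both factors. Under the suspending variant the benign query completes after the crafted one has been suspended once, instead of waiting for all 256 attempts.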

=== CVE-2023-50868
The attack targets a validating Unbound instance. An attacker causes Unbound
to query a domain under the attacker's control. The malicious nameserver
returns specially crafted DNSSEC responses containing multiple NSEC3 RRsets
that lead Unbound down a very CPU intensive and time costly NSEC3 hash
calculation path. Unbound then spends an enormous amount of time (compared to
regular traffic) validating a single specially crafted DNSSEC response, while
all other work on that thread is on hold.

From version 1.19.1 on, the same suspension mechanism applies to this path:
Unbound suspends DNSSEC response validations that appear to need more
attempts than it is willing to make in one validation run, continues with
other work, and resumes the suspended validation later, so CPU time is shared
between validation resumptions and the rest of the resolver's tasks.
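As an added example (not Unbound's code) of where the NSEC3 cost comes from, the following Python implements the NSEC3 owner-name hash of RFC 5155 section 5 (SHA-1 over the canonical wire-format name and salt, repeated `iterations` more times) with a counter, and then estimates the hashing a closest-encloser search (RFC 5155 section 8.3) has to do. The estimate assumes the validator hashes every ancestor of the query name down to the zone apex, once per distinct (salt, iterations) pair carried by the NSEC3 RRs in the response; `HashCounter`, `nsec3_hash` and `closest_encloser_work` are illustrative names and the inputs are constructed.

```python
"""NSEC3 owner-name hashing per RFC 5155 with a work counter (added example)."""
import hashlib
from typing import List, Sequence, Tuple


class HashCounter:
    """Counts SHA-1 invocations so the cost of a response can be measured."""

    def __init__(self) -> None:
        self.calls = 0


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of a domain name: lowercase labels, each prefixed by
    its length, terminated by the root label (RFC 4034 section 6.2)."""
    labels = [label for label in name.rstrip(".").split(".") if label]
    out = b""
    for label in labels:
        raw = label.encode("ascii").lower()
        if len(raw) > 63:
            raise ValueError("label too long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def nsec3_hash(name: str, salt: bytes, iterations: int, counter: HashCounter) -> bytes:
    """IH(salt, x, 0) = H(x || salt); IH(salt, x, k) = H(IH(salt, x, k-1) || salt).
    Hash algorithm 1 is SHA-1. The result costs iterations + 1 hash computations;
    NSEC3 owner names are the base32hex encoding of this 20-byte digest."""
    x = name_to_wire(name)
    for _ in range(iterations + 1):
        x = hashlib.sha1(x + salt).digest()
        counter.calls += 1
    return x


def candidate_names(qname: str, apex: str) -> List[str]:
    """qname and each of its ancestors down to and including the zone apex."""
    labels = qname.rstrip(".").split(".")
    apex_labels = apex.rstrip(".").split(".")
    if labels[-len(apex_labels):] != apex_labels:
        raise ValueError("qname is not under apex")
    n_candidates = len(labels) - len(apex_labels) + 1
    return [".".join(labels[i:]) + "." for i in range(n_candidates)]


def closest_encloser_work(qname: str, apex: str,
                          nsec3_params: Sequence[Tuple[bytes, int]]) -> int:
    """SHA-1 computations needed to search for the closest encloser of qname
    when the response's NSEC3 RRs use the given distinct (salt, iterations)
    parameter sets (model assumption: every candidate name is hashed under
    every parameter set, since a different salt or count invalidates the hash)."""
    counter = HashCounter()
    for salt, iterations in nsec3_params:
        for name in candidate_names(qname, apex):
            nsec3_hash(name, salt, iterations, counter)
    return counter.calls


if __name__ == "__main__":
    # Constructed inputs: a deep query name and NSEC3 RRs with high iteration counts.
    deep = ".".join(["x"] * 20) + ".example."
    benign = [(b"", 0)]                                  # RFC 9276 recommends 0 iterations
    crafted = [(bytes([i]), 150) for i in range(10)]     # ten salts at 150 iterations
    print("benign  :", closest_encloser_work(deep, "example.", benign), "SHA-1 calls")
    print("crafted :", closest_encloser_work(deep, "example.", crafted), "SHA-1 calls")
```

Each NSEC3 parameter set in a response forces the candidate names to be re-hashed, and each hash costs `iterations + 1` SHA-1 computations, so the attacker multiplies the number of NSEC3 RRs, the iteration count and the depth of the query name. RFC 9276 recommends an iteration count of 0 for exactly this reason.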

== Solution
Install Unbound version 1.19.1 or later.
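A check for the installed release, added here as an example rather than anything shipped with Unbound: it parses the `Version X.Y.Z` line that `unbound -V` prints (or the `version: X.Y.Z` line of `unbound-control status`) and compares it numerically against 1.19.1. The function names are illustrative, and the comparison deliberately ignores any pre-release suffix such as `rc1` (an assumption of this check, not a statement about which pre-releases carry the fix).

```python
"""Check whether an installed Unbound is at or past the fixed release (added example)."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# First release carrying the fixes for CVE-2023-50387 and CVE-2023-50868.
FIXED_VERSION = (1, 19, 1)

# `unbound -V` starts with "Version X.Y.Z"; `unbound-control status` prints "version: X.Y.Z".
_VERSION_RE = re.compile(r"^(?:Version|version:)\s+(\d+)\.(\d+)(?:\.(\d+))?", re.MULTILINE)


def parse_unbound_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from the tool output; None if no version line is found.
    Assumption: a pre-release suffix after the numbers (e.g. 'rc1') is ignored."""
    match = _VERSION_RE.search(output)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2)), int(match.group(3) or 0)


def is_fixed(version: Tuple[int, int, int]) -> bool:
    """True when the release is 1.19.1 or later."""
    return version >= FIXED_VERSION


def installed_unbound_version() -> Optional[Tuple[int, int, int]]:
    """Run the local binary if present; None when Unbound is not installed."""
    exe = shutil.which("unbound")
    if exe is None:
        return None
    proc = subprocess.run([exe, "-V"], capture_output=True, text=True, check=False)
    return parse_unbound_version(proc.stdout)


if __name__ == "__main__":
    version = installed_unbound_version()
    if version is None:
        print("unbound binary not found")
    else:
        state = "fixed" if is_fixed(version) else "VULNERABLE, upgrade to 1.19.1 or later"
        print(f"unbound {'.'.join(map(str, version))}: {state}")
```

Distribution packages that backport the fix without bumping the version string will be reported as vulnerable by this check; in that case consult the package's changelog rather than the version number alone.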

== Acknowledgments
We would like to thank Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael
Waidner from the German National Research Center for Applied Cybersecurity
ATHENE for discovering and responsibly disclosing the KeyTrap vulnerability.

We would like to thank Petr Špaček from ISC for discovering and responsibly
disclosing the NSEC3 vulnerability.