Versions Affected : All verisons prior to FreeNAS 11.3-U3.2

---

Description

Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service.

A malicious query can cause a traffic amplification attack against third party authoritative nameservers. Denial of service of the affected host, or of third parties via traffic amplification.

---

Workaround

No workaround is available.

---

Mitigation

• Upgrade to FreeNAS 11.3-U4.1 or later.

---

Commit

• FreeBSD Revision : r363027
• FreeNAS Commit : 59a00d8
• JIRA Ticket : NAS-106415

---

Further information

• FreeBSD Errata Entry