Alpine: multiple unbound packages, py-unbound: security update to 1.16.3-r0

high Tenable Cloud Security Plugin ID 424559

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in
various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a
considerable number of non responsive nameservers. The attack starts by querying a resolver for a record
that relies on those unresponsive nameservers. The attack can cause a resolver to spend a lot of
time/resources resolving records under a malicious delegation point where a considerable number of
unresponsive NS records reside. It can trigger high CPU usage in some resolver implementations that
continually look in the cache for resolved NS records in that delegation. This can lead to degraded
performance and eventually denial of service in orchestrated attacks. Unbound does not suffer from high
CPU usage, but resources are still needed for resolving the malicious delegation. Unbound will keep trying
to resolve the record until hard limits are reached. Based on the nature of the attack and the replies,
different limits could be reached. From version 1.16.3 on, Unbound introduces fixes for better performance
when under load, by cutting opportunistic queries for nameserver discovery and DNSKEY prefetching and
limiting the number of times a delegation point can issue a cache lookup for missing records.
(CVE-2022-3204)

See Also

https://security.alpinelinux.org/vuln/CVE-2022-3204

Plugin Details

Severity: High

ID: 424559

Version: Revision 1.12

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-3204

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 9/23/2022

Reference Information

CVE: CVE-2022-3204