{"url":"http://public2.vulnerablecode.io/api/packages/106321?format=json","purl":"pkg:deb/debian/unbound@1.3.4-1?distro=trixie","type":"deb","namespace":"debian","name":"unbound","version":"1.3.4-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"1.25.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201562?format=json","vulnerability_id":"VCID-ccaf-9xuu-r7g8","summary":"Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3602","reference_id":"","reference_type":"","scores":[{"value":"0.01644","scoring_system":"epss","scoring_elements":"0.82379","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3602"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/106321?format=json","purl":"pkg:deb/debian/unbound@1.3.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.3.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106322?format=json","purl":"pkg:deb/debian/unbound@1.13.1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17wy-sr9d-97gb"},{"vulnerability":"VCID-1az2-2ttb-7yhp"},{"vulnerability":"VCID-2f7n-phj8-jfe3"},{"vulnerability":"VCID-31mc-a616-3bb5"},{"vulnerability":"VCID-3wc4-c3y2-kbb9"},{"vulnerability":"VCID-7k6e-v6e8-37ct"},{"vulnerability":"VCID-armq-zx8m-x7gf"},{"vulnerability":"VCID-cc4k-b5ar-nbf5"},{"vulnerability":"VCID-cwcn-f1hr-xqdb"},{"vulnerability":"VCID-dr1q-t52n-57ek"},{"vulnerability":"VCID-mdpm-xe9b-cfab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.13.1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106320?format=json","purl":"pkg:deb/debian/unbound@1.17.1-2%2Bdeb12u4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17wy-sr9d-97gb"},{"vulnerability":"VCID-1az2-2ttb-7yhp"},{"vulnerability":"VCID-2f7n-phj8-jfe3"},{"vulnerability":"VCID-31mc-a616-3bb5"},{"vulnerability":"VCID-3wc4-c3y2-kbb9"},{"vulnerability":"VCID-7k6e-v6e8-37ct"},{"vulnerability":"VCID-armq-zx8m-x7gf"},{"vulnerability":"VCID-cc4k-b5ar-nbf5"},{"vulnerability":"VCID-cwcn-f1hr-xqdb"},{"vulnerability":"VCID-dr1q-t52n-57ek"},{"vulnerability":"VCID-mdpm-xe9b-cfab"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.17.1-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106324?format=json","purl":"pkg:deb/debian/unbound@1.22.0-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.22.0-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/106323?format=json","purl":"pkg:deb/debian/unbound@1.25.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.25.1-1%3Fdistro=trixie"}],"aliases":["CVE-2009-3602"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ccaf-9xuu-r7g8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/unbound@1.3.4-1%3Fdistro=trixie"}