CVE-2019-25039

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-25039
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25039.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-25039
Downstream
Related
Published
2021-04-27T06:15:07Z
Modified
2025-10-21T02:35:32Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Database specific
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type
GIT
Repo
https://github.com/nlnetlabs/unbound
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910",
        "signature_version": "v1",
        "target": {
            "file": "ipsecmod/ipsecmod.c",
            "function": "call_hook"
        },
        "digest": {
            "length": 2050.0,
            "function_hash": "303465733232096823978517449070123341908"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-25039-22a971d4"
    },
    {
        "source": "https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910",
        "signature_version": "v1",
        "target": {
            "file": "ipsecmod/ipsecmod.c"
        },
        "digest": {
            "line_hashes": [
                "70553163538034000960962883838447906720",
                "62147787479526802497929393542831647967",
                "43794976847243337970009644075751210128",
                "206854229777134557726766374652661591754",
                "22497931369453821656061072947680439892",
                "242433969134937716326432553874698764934",
                "152938100667906096131479708143832401450",
                "46101062252850330511575173918983145724",
                "157362141640837772740229871849226310613",
                "264538954822069397443472615122773019789",
                "143496833277953931355852379224938644257",
                "203480266179038306884326564596176499939",
                "73665829503106289032328800348605369082",
                "52655954125939492573192009812488428936",
                "230510070027535029623236987883043298098",
                "55963106386066207446778033336776991557",
                "212464111113386431760714608928832136845",
                "324317679674959875372319663952451420433",
                "145501367096330326271927998536912673132",
                "7712312671338711946672425055757003510",
                "194469914231690406518933733543167455343",
                "337078465626256361135521580377815858255",
                "69551360486834579820395484095932616453",
                "220932950267901280906770376209241638547",
                "151806495451079858604557862390711251772",
                "323984524004576252695495354068249264428",
                "159125170216428001982894041239002846868",
                "313604412320883742384448830965984522380",
                "23897712633339973223394152662924014280",
                "38388900261996797264813407465142516282",
                "317076279302621377901973555687290557121",
                "226533621284668773151351540579066444426",
                "125136969720913860571958183594799194979",
                "29149951929535913424346922945050149000",
                "276850585468923192981327481397947013256",
                "106906077810546410056895284908258869603",
                "321648861069286777914698546075854336991",
                "329099943122094127043805942847111155503",
                "268976628581068154189092415548339107624",
                "216521024988449076787229928756721242292",
                "272369404287204970864515064130729912166",
                "173702320536478764984116801009380616093",
                "217779352477091361310529382652262637628",
                "206316453957424109683099858931641700972",
                "160248007866213256693231605169867630647",
                "116009048536553657149447497080385657406",
                "323984524004576252695495354068249264428",
                "315173114953696267668618285516325708852",
                "83901963534077062432336834987362808731",
                "271513679856295084688565457535021362732",
                "296253931515678179339484311338481206675",
                "297974649863533103736763988090693906104",
                "118871358511266717950982875254055733303",
                "162379569995058781279607653043713940509",
                "152854346008092563513635124784708029520",
                "131926960543874682953641937570941013521",
                "96634251516368624315815557265261067079",
                "262734782257050881731445987591207587340",
                "60721623658936596335710612399404057500",
                "126095431476034665070989077541763716606",
                "167700405682410954493352853114581197547"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-25039-ed5fda81"
    }
]