CVE-2019-25042

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-25042

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-25042.json

Related

DLA-2652-1
RLSA-2021:1853
USN-4938-1

Withdrawn

2021-06-11T21:27:02Z

Published

2021-04-27T06:15:07Z

Modified

2024-05-17T01:36:39Z

Severity

CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

[none]

Details

Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

References

https://security.netapp.com/advisory/ntap-20210507-0007/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type: GIT
Repo: https://github.com/nlnetlabs/unbound
Events: Introduced

0The exact introduced commit is unknown

Fixed

34e52a4313d59b9d57e928c44300fd81e1a48910