CVE-2019-25042
published 2021-04-27CVE-2019-25042: Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the…
PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.04%
78.7th percentile
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | unbound | < unbound 1.9.6-1 (bookworm) | unbound 1.9.6-1 (bookworm) |
| nlnetlabs | unbound | < 1.9.5 | 1.9.5 |
| nlnetlabs | unbound | >= 0 < 1.9.6-1 | 1.9.6-1 |
| nlnetlabs | unbound | >= 0 < 1.9.6-1 | 1.9.6-1 |
| nlnetlabs | unbound | >= 0 < 1.9.6-1 | 1.9.6-1 |
| nlnetlabs | unbound | >= 0 < 1.9.6-1 | 1.9.6-1 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8LOW
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7rfp-f6jm-r63w: Unbound before 1
ghsa_unreviewed·2022-05-24
CVE-2019-25042 [CRITICAL] CWE-787 GHSA-7rfp-f6jm-r63w: Unbound before 1
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy.
OSV
CVE-2019-25042: Unbound before 1
osv·2021-04-27·CVSS 9.8
CVE-2019-25042 [CRITICAL] CVE-2019-25042: Unbound before 1
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Ubuntu
Unbound vulnerabilities
vendor_ubuntu·2021-05-06
CVE-2019-25031 Unbound vulnerabilities
Title: Unbound vulnerabilities
Summary: Several security issues were fixed in Unbound.
It was discovered that Unbound contained multiple security issues. A
remote attacker could possibly use these issues to cause a denial of
service, inject arbitrary commands, execute arbitrary code, and overwrite
local files.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
unbound: out-of-bounds write via a compressed name in rdata_copy
vendor_redhat·2019-12-11·CVSS 9.8
CVE-2019-25042 [CRITICAL] CWE-787 unbound: out-of-bounds write via a compressed name in rdata_copy
unbound: out-of-bounds write via a compressed name in rdata_copy
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
A flaw was found in unbound. An out-of-bounds write in the rdata_copy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
Statement: According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate. Upstream has also disputed this CVE.
Package: unbound (Red Hat Enterprise
Debian
CVE-2019-25042: unbound - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdat...
vendor_debian·2019·CVSS 9.8
CVE-2019-25042 [CRITICAL] CVE-2019-25042: unbound - Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdat...
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Scope: local
bookworm: resolved (fixed in 1.9.6-1)
bullseye: resolved (fixed in 1.9.6-1)
forky: resolved (fixed in 1.9.6-1)
sid: resolved (fixed in 1.9.6-1)
trixie: resolved (fixed in 1.9.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.htmlhttps://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/https://security.netapp.com/advisory/ntap-20210507-0007/https://lists.debian.org/debian-lts-announce/2021/05/msg00007.htmlhttps://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/https://security.netapp.com/advisory/ntap-20210507-0007/
2021-04-27
Published