PT-2019-6132 · Nlnet+8 · Unbound+8

Publicado

2019-12-11

Atualizado

2024-08-05

CVE-2019-25039

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Unbound versions prior to 1.9.5

Description The issue is related to an integer overflow in a size calculation in respip/respip.c. Although the vendor disputes that this is a vulnerability, the code may be vulnerable. However, a running Unbound installation cannot be remotely or locally exploited. The vulnerability may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For Unbound versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function until a patch is available.

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2019-3282

ALT-PU-2019-3287

BDU:2021-05909

CESA-2021_1853

CVE-2019-25039

DLA-2652-1

OPENSUSE-SU-2022:0176-1

OPENSUSE-SU-2022_0176-1

RHSA-2021:1853

RHSA-2021_1853

RHSA-2022:0632

RLSA-2021:1853

SUSE-SU-2022:0176-1

SUSE-SU-2022:0176-2

SUSE-SU-2022:0301-1

USN-4938-1

Produtos afetados

Alt Linux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Unbound

PT-2019-6132 · Nlnet+8 · Unbound+8

CVE-2019-25039

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 147