CVE-2019-25042

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Unbound versions prior to 1.9.5

Description The issue is related to an out-of-bounds write via a compressed name in the rdata copy function. Although the vendor disputes that this is a vulnerability, the code may be vulnerable. However, a running Unbound installation cannot be remotely or locally exploited. The vulnerability may allow an attacker to access confidential data, disrupt its integrity, and cause a denial of service.

Recommendations For Unbound versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the rdata copy function until a patch is available.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2019-3282

ALT-PU-2019-3287

BDU:2021-05838

CESA-2021_1853

CVE-2019-25042

DLA-2652-1

OPENSUSE-SU-2022:0176-1

OPENSUSE-SU-2022_0176-1

RHSA-2021:1853

RHSA-2021_1853

RHSA-2022:0632

RLSA-2021:1853

SUSE-SU-2022:0176-1

SUSE-SU-2022:0176-2

SUSE-SU-2022:0301-1

USN-4938-1

Affected Products

Alt Linux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Unbound

CVE-2019-25042

Weakness Enumeration

Related Identifiers

Affected Products

References · 145