CVE-2019-25038

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Unbound versions prior to 1.9.5

Description The issue is related to an integer overflow in a size calculation in the dnscrypt/dnscrypt.c component of the Unbound DNS server. This could potentially allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. However, the vendor disputes that this is a vulnerability, and it's noted that a running Unbound installation cannot be remotely or locally exploited.

Recommendations For Unbound versions prior to 1.9.5, update to version 1.9.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the dnscrypt/dnscrypt.c component until a patch is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2019-3282

ALT-PU-2019-3287

BDU:2021-06245

CESA-2021_1853

CVE-2019-25038

DLA-2652-1

OPENSUSE-SU-2022:0176-1

OPENSUSE-SU-2022_0176-1

RHSA-2021:1853

RHSA-2021_1853

RHSA-2022:0632

RLSA-2021:1853

SUSE-SU-2022:0176-1

SUSE-SU-2022:0176-2

SUSE-SU-2022:0301-1

USN-4938-1

Affected Products

Alt Linux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Unbound

CVE-2019-25038

Weakness Enumeration

Related Identifiers

Affected Products

References · 149