CVE-2019-18934

CVE-2019-18934

Name

CVE-2019-18934

Description

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Release Notes	https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog
Release Notes	https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/
Patch	https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
Exploit	http://www.openwall.com/lists/oss-security/2019/11/19/1
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html
SUSE	http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

Type

URI

Release Notes

https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog

Release Notes

https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/

Patch

https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt

Exploit

http://www.openwall.com/lists/oss-security/2019/11/19/1

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK/

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00069.html

SUSE

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:nlnetlabs:unbound::::::::`	unbound	>= 1.6.4	<= 1.9.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*

unbound

>= 1.6.4

<= 1.9.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
unbound	edge-main	1.9.5-r0	None	fixed
unbound	edge-main	1.9.4-r0	None	possibly vulnerable
unbound	3.22-main	1.9.5-r0	None	fixed
unbound	3.22-main	1.9.4-r0	None	possibly vulnerable
unbound	3.21-main	1.9.5-r0	None	fixed
unbound	3.21-main	1.9.4-r0	None	possibly vulnerable
unbound	3.20-main	1.9.5-r0	None	fixed
unbound	3.20-main	1.9.4-r0	None	possibly vulnerable
unbound	3.19-main	1.9.5-r0	None	fixed
unbound	3.19-main	1.9.4-r0	None	possibly vulnerable
unbound	3.18-main	1.9.5-r0	None	fixed
unbound	3.17-main	1.9.5-r0	None	fixed
unbound	3.12-main	1.9.5-r0	None	fixed
unbound	3.11-main	1.9.5-r0	None	fixed
unbound	3.10-main	1.9.1-r4	None	fixed

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages