CVE-2019-25035

Name
CVE-2019-25035
Description
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
Mailing List https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20210507-0007/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:* unbound >= None < 1.9.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
unbound 3.10-main 1.9.1-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable