CVE-2019-25041

Name
CVE-2019-25041
Description
** DISPUTED ** Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
Mailing List https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
Third Party Advisory https://security.netapp.com/advisory/ntap-20210507-0007/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:* unbound >= None < 1.9.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
unbound 3.10-main 1.9.1-r8 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable