Vulnerability CVE-2019-16866: Information

Description

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16866
Published: Oct. 3, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-755CWE-908

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
unboundsisyphus1.9.4-alt11.20.0-alt1ALT-PU-2019-2821-1238638Fixed
unboundp101.9.4-alt11.20.0-alt1ALT-PU-2019-2821-1238638Fixed
unboundp91.9.4-alt11.20.0-alt1ALT-PU-2019-2824-1238640Fixed
unboundp81.9.4-alt0.M80P.11.11.0-alt0.M80P.1ALT-PU-2019-2825-1238639Fixed
unboundc10f11.9.4-alt11.20.0-alt1ALT-PU-2019-2821-1238638Fixed
unboundc9f21.9.4-alt11.20.0-alt1ALT-PU-2019-2824-1238640Fixed
unboundp111.9.4-alt11.20.0-alt1ALT-PU-2019-2821-1238638Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog
  • Product
  • Release Notes
https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
  • Patch
  • Vendor Advisory
USN-4149-1
  • Third Party Advisory
DSA-4544
    20191016 [SECURITY] [DSA 4544-1] unbound security update
      FEDORA-2019-e99b716a92
        FEDORA-2019-0418c12a36

            1. Configuration 1

              cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*
              End excliding
              1.9.4

              Configuration 2

              cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top