Vulnerability CVE-2019-16866: Information
Description
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Published: Oct. 3, 2019
Modified: Nov. 7, 2023
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
unbound | sisyphus | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2821-1 | 238638 | Fixed |
unbound | p10 | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2821-1 | 238638 | Fixed |
unbound | p9 | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2824-1 | 238640 | Fixed |
unbound | p8 | 1.9.4-alt0.M80P.1 | 1.11.0-alt0.M80P.1 | ALT-PU-2019-2825-1 | 238639 | Fixed |
unbound | c10f1 | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2821-1 | 238638 | Fixed |
unbound | c9f2 | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2824-1 | 238640 | Fixed |
unbound | p11 | 1.9.4-alt1 | 1.20.0-alt1 | ALT-PU-2019-2821-1 | 238638 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog | |
https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt | |
USN-4149-1 | |
DSA-4544 | |
20191016 [SECURITY] [DSA 4544-1] unbound security update | |
FEDORA-2019-e99b716a92 | |
FEDORA-2019-0418c12a36 | |