Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-25034

Опубликовано: 11 дек. 2019
Источник: redhat
CVSS3: 9.8
EPSS Низкий

Описание

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

A flaw was found in unbound. An integer overflow in the sldns_str2wire_dname_buf_origin function may lead to a buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.

Отчет

There is no available reproducer or proof of concept for this issue, nor it was ever proven the buffer overflow can happen in practice. Indeed in the original report this issue was considered one that might not be triggered and for this reason its Impact is Moderate. Upstream has also disputed this CVE.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6unboundOut of support scope
Red Hat Enterprise Linux 7unboundOut of support scope
Red Hat Enterprise Linux 9unboundNot affected
Red Hat Enterprise Linux 8unboundFixedRHSA-2021:185318.05.2021
Red Hat Enterprise Linux 8.2 Extended Update SupportunboundFixedRHSA-2022:063222.02.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190->CWE-787
https://bugzilla.redhat.com/show_bug.cgi?id=1954778unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write

EPSS

Процентиль: 72%
0.00738
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-25034

CVSS3: 9.8
ubuntu
почти 5 лет назад

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

nvd логотип

CVE-2019-25034

CVSS3: 9.8
nvd
почти 5 лет назад

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

debian логотип

CVE-2019-25034

CVSS3: 9.8
debian
почти 5 лет назад

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...

github логотип

GHSA-qx43-gpvm-wqvr

CVSS3: 9.8
github
больше 3 лет назад

Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write.

fstec логотип

BDU:2021-05799

CVSS3: 9.8
fstec
около 6 лет назад

Уязвимость функции sldns_str2wire_dname_buf_origin DNS-сервера Unbound, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 72%
0.00738
Низкий

9.8 Critical

CVSS3