Описание
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
A flaw was found in unbound. A reachable assertion in the synth_cname function can be triggered by sending invalid packets to the server. If asserts are disabled during compilation, this issue might lead to an out-of-bounds write in dname_pkt_copy function. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
Отчет
This issue could not be triggered by running unbound regularly, but only by injecting the packet directly to the vulnerable function through fuzzing. For this reason its Impact is Moderate. Upstream has also disputed this CVE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | unbound | Out of support scope | ||
| Red Hat Enterprise Linux 7 | unbound | Out of support scope | ||
| Red Hat Enterprise Linux 9 | unbound | Not affected | ||
| Red Hat Enterprise Linux 8 | unbound | Fixed | RHSA-2021:1853 | 18.05.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | unbound | Fixed | RHSA-2022:0632 | 22.02.2022 |
Показывать по
Дополнительная информация
Статус:
9.8 Critical
CVSS3
Связанные уязвимости
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Unbound before 1.9.5 allows an assertion failure and denial of service ...
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
Уязвимость функции synth_cname() DNS-сервера Unbound, связанная с недостатком использования функции assert(), позволяющая нарушителю вызвать отказ в обслуживании
9.8 Critical
CVSS3