Описание
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
A flaw was found in unbound. A reachable assertion in the dname_pkt_copy function can be triggered by sending invalid packets to the server. The highest threat from this vulnerability is to service availability.
Отчет
Upstream has disputed this CVE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | unbound | Out of support scope | ||
| Red Hat Enterprise Linux 7 | unbound | Out of support scope | ||
| Red Hat Enterprise Linux 9 | unbound | Not affected | ||
| Red Hat Enterprise Linux 8 | unbound | Fixed | RHSA-2021:1853 | 18.05.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | unbound | Fixed | RHSA-2022:0632 | 22.02.2022 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
Unbound before 1.9.5 allows an assertion failure and denial of service ...
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
Уязвимость функции dname_pkt_copy DNS-сервера Unbound, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3