rpm package
suse/unbound&distro=SUSE Linux Enterprise Server 15-LTSS
pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-25042 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25041 | Hig | 7.5 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25040 | Hig | 7.5 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25039 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25038 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25037 | Hig | 7.5 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25036 | Hig | 7.5 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25035 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25034 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit | |
| CVE-2019-25033 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25032 | Cri | 9.8 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |
| CVE-2019-25031 | Med | 5.9 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Apr 27, 2021 | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a cont | |
| CVE-2020-28935 | Med | 5.5 | < 1.6.8-3.9.1 | 1.6.8-3.9.1 | Dec 7, 2020 | NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis | |
| CVE-2020-12663 | Hig | 7.5 | < 1.6.8-3.6.1 | 1.6.8-3.6.1 | May 19, 2020 | Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |
| CVE-2020-12662 | Hig | 7.5 | < 1.6.8-3.6.1 | 1.6.8-3.6.1 | May 19, 2020 | Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |
| CVE-2019-18934 | Hig | 7.3 | < 1.6.8-3.6.1 | 1.6.8-3.6.1 | Nov 19, 2019 | Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in t |
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a cont
- affected < 1.6.8-3.9.1fixed 1.6.8-3.9.1
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis
- affected < 1.6.8-3.6.1fixed 1.6.8-3.6.1
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
- affected < 1.6.8-3.6.1fixed 1.6.8-3.6.1
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
- affected < 1.6.8-3.6.1fixed 1.6.8-3.6.1
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in t