PublicDateAtUSN: 2021-04-27 06:15:00 UTC
Candidate: CVE-2019-25037
PublicDate: 2021-04-27 06:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25037
 https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
 https://ubuntu.com/security/notices/USN-4938-1
Description:
 ** DISPUTED ** Unbound before 1.9.5 allows an assertion failure and denial
 of service in dname_pkt_copy via an invalid packet. NOTE: The vendor
 disputes that this is a vulnerability. Although the code may be vulnerable,
 a running Unbound installation cannot be remotely or locally exploited.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_unbound:
 upstream: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5
upstream_unbound: released (1.9.6-1)
precise/esm_unbound: DNE
trusty_unbound: ignored (out of standard support)
trusty/esm_unbound: needs-triage
xenial_unbound: ignored (end of standard support, was needs-triage)
esm-infra/xenial_unbound: needs-triage
bionic_unbound: released (1.6.7-1ubuntu2.4)
focal_unbound: released (1.9.4-2ubuntu1.2)
groovy_unbound: not-affected (1.11.0-1)
hirsute_unbound: not-affected
impish_unbound: not-affected
jammy_unbound: not-affected
devel_unbound: not-affected