CVE-2019-16866

Published: 03 October 2019

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: unbound (Launchpad, Ubuntu, Debian)

Release status:
Upstream: Needs triage
Ubuntu 18.04 LTS (Bionic Beaver): Not vulnerable
Ubuntu 16.04 LTS (Xenial Xerus): Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable

Patches:
Upstream: https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff