CVE-2019-25031

Published: 27 April 2021

** DISPUTED ** Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package: unbound (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1.6.7-1ubuntu2.4)
focal      Released (1.9.4-2ubuntu1.2)
groovy     Not vulnerable (1.11.0-1)
hirsute    Not vulnerable
impish     Not vulnerable
jammy      Not vulnerable
precise    Does not exist
trusty     Needs triage
upstream   Released (1.9.6-1)
xenial     Needs triage