Your submission was sent successfully! Close

CVE-2019-25040

Published: 27 April 2021

** DISPUTED ** Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
unbound
Launchpad, Ubuntu, Debian
bionic
Released (1.6.7-1ubuntu2.4)
focal
Released (1.9.4-2ubuntu1.2)
groovy Not vulnerable
(1.11.0-1)
hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty Needs triage

upstream
Released (1.9.6-1)
xenial Needs triage