CVE-2019-25034 – unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write
https://notcve.org/view.php?id=CVE-2019-25034
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en la función sldns_str2wire_dname_buf_origin, conllevando a una escritura fuera de límites. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25034 https://bugzilla.redhat.com/show_bug.cgi?id=1954778 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVE-2019-25035 – unbound: out-of-bounds write in sldns_bget_token_par
https://notcve.org/view.php?id=CVE-2019-25035
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite una escritura fuera de límites en la función sldns_bget_token_par. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25035 https://bugzilla.redhat.com/show_bug.cgi?id=1954780 • CWE-787: Out-of-bounds Write •
CVE-2019-25036 – unbound: assertion failure and denial of service in synth_cname
https://notcve.org/view.php?id=CVE-2019-25036
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un error de aserción y denegación de servicio en la función synth_cname. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25036 https://bugzilla.redhat.com/show_bug.cgi?id=1954782 • CWE-617: Reachable Assertion CWE-787: Out-of-bounds Write •
CVE-2019-25037 – unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet
https://notcve.org/view.php?id=CVE-2019-25037
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un fallo de aserción y denegación de servicio en la función dname_pkt_copy por medio de un paquete no válido. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25037 https://bugzilla.redhat.com/show_bug.cgi?id=1954794 • CWE-617: Reachable Assertion •
CVE-2019-25038 – unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c
https://notcve.org/view.php?id=CVE-2019-25038
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited ** EN DISPUTA ** Unbound versiones anteriores a 1.9.5, permite un desbordamiento de enteros en un cálculo de tamaño en el archivo dnscrypt/dnscrypt.c. NOTA: El proveedor niega que esto sea una vulnerabilidad. Aunque el código puede ser vulnerable, una instalación de Unbound en funcionamiento no puede ser explotada de forma remota o local A flaw was found in unbound. • https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results https://security.netapp.com/advisory/ntap-20210507-0007 https://access.redhat.com/security/cve/CVE-2019-25038 https://bugzilla.redhat.com/show_bug.cgi?id=1954796 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •