vulnerability
FreeBSD: VID-108A4BE3-E612-11E9-9963-5F1753E0ACA0 (CVE-2019-16866): unbound -- parsing vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Oct 3, 2019 | Oct 4, 2019 | Jan 22, 2020 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Oct 3, 2019
Added
Oct 4, 2019
Modified
Jan 22, 2020
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From VID-108A4BE3-E612-11E9-9963-5F1753E0ACA0:
Unbound Security Advisories:
Due to an error in parsing NOTIFY queries, it is possible for Unbound
to continue processing malformed queries and may ultimately result in a
pointer dereference in uninitialized memory. This results in a crash of
the Unbound daemon.
Solution
freebsd-upgrade-package-unbound
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.