vulnerability
Oracle Linux: CVE-2019-25038: ELSA-2021-1853: unbound security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2019-12-11 | 2021-05-26 | 2024-11-25 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
2019-12-11
Added
2021-05-26
Modified
2024-11-25
Description
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
A flaw was found in unbound. An integer overflow in dnsc_load_local_data function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
A flaw was found in unbound. An integer overflow in dnsc_load_local_data function may lead to a buffer overflow of the allocated buffer if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.
Solution(s)
oracle-linux-upgrade-python3-unboundoracle-linux-upgrade-unboundoracle-linux-upgrade-unbound-develoracle-linux-upgrade-unbound-libs
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.