FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unbound -- parsing vulnerability

Affected packages
1.7.1 <= unbound < 1.9.4

Details

VuXML ID 108a4be3-e612-11e9-9963-5f1753e0aca0
Discovery 2019-10-03
Entry 2019-10-03

Unbound Security Advisories:

Due to an error in parsing NOTIFY queries, it is possible for Unbound to continue processing malformed queries and may ultimately result in a pointer dereference in uninitialized memory. This results in a crash of the Unbound daemon.

References

CVE Name CVE-2019-16866
URL https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries