CVE-2019-16866

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

References

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type: GIT
Repo: https://github.com/nlnetlabs/unbound
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b60c4a472c856f0a98120b7259e991b3a6507eb5

Affected versions

Other

final-svn-state

release-0.*

release-0.0

release-0.1

release-0.10

release-0.11

release-0.3

release-0.4

release-0.5

release-0.6

release-0.7

release-0.8

release-1.*

release-1.0.1

release-1.1.1

release-1.3.1

release-1.3.2

release-1.3.3

release-1.3.3rc1

release-1.4.0

release-1.4.0rc1

release-1.4.1

release-1.4.11

release-1.4.11rc1

release-1.4.11rc2

release-1.4.11rc3

release-1.4.12rc1

release-1.4.13

release-1.4.13rc1

release-1.4.13rc2

release-1.4.14

release-1.4.14rc1

release-1.4.17

release-1.4.17rc1

release-1.4.18rc1

release-1.4.18rc2

release-1.4.19

release-1.4.19rc1

release-1.4.2

release-1.4.20

release-1.4.22

release-1.4.22rc1

release-1.4.3

release-1.4.4

release-1.4.4rc1

release-1.4.5

release-1.4.5rc1

release-1.4.6

release-1.4.6rc1

release-1.4.7

release-1.4.7rc1

release-1.4.8rc1

release-1.4.9

release-1.4.9rc1

release-1.5.0rc1

release-1.5.1

release-1.5.10

release-1.5.10rc1

release-1.5.1rc1

release-1.5.1rc2

release-1.5.2

release-1.5.2rc1

release-1.5.3rc1

release-1.5.4

release-1.5.4rc1

release-1.5.5

release-1.5.5rc1

release-1.5.6

release-1.5.6rc1

release-1.5.7

release-1.5.8

release-1.5.8rc1

release-1.5.9rc1

release-1.6.0rc1

release-1.6.1rc1

release-1.6.1rc2

release-1.6.1rc3

release-1.6.2rc1

release-1.6.4rc1

release-1.6.4rc2

release-1.6.6rc1

release-1.6.6rc2

release-1.6.7

release-1.6.7rc1

release-1.7.0rc1

release-1.7.0rc2

release-1.7.0rc3

release-1.7.1rc1

release-1.7.2rc1

release-1.7.3rc1

release-1.8.0rc1

release-1.8.1rc1

release-1.8.2rc1

release-1.9.0rc1

release-1.9.1rc1

release-1.9.2

release-1.9.2rc1

release-1.9.2rc2

release-1.9.2rc3

release-1.9.3

release-1.9.3rc1

release-1.9.3rc2

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "108668804525512968521245781772799358515",
            "length": 1189.0
        },
        "signature_type": "Function",
        "source": "https://github.com/nlnetlabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2019-16866-a87db40c",
        "target": {
            "file": "util/data/msgparse.c",
            "function": "parse_edns_from_pkt"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "292524766814039243193904328654959074879",
                "190926310423276515140667372296911008744",
                "27514708243843590347563265495800561936",
                "321487332142836091478680797073649085277",
                "177862212439668206665125480104738939871",
                "304073190949653618221352769714700421182",
                "199722816380111729655073334388716968684",
                "233512743183297187893823043763183726154",
                "76661932854880288768020708891397209453",
                "66006337680159787882268731652111930503",
                "60537033214054800082483590096565279745",
                "238432217213848269294299437068420066889",
                "312452348986823874315585376232563627845",
                "296348926669326276626544425712432599022",
                "74495676082743279379696710893359824232"
            ]
        },
        "signature_type": "Line",
        "source": "https://github.com/nlnetlabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5",
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2019-16866-b0fea212",
        "target": {
            "file": "util/data/msgparse.c"
        }
    }
]