CVE-2019-25038

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-25038
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-25038.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-25038
Downstream
Related
Published
2021-04-27T06:15:07Z
Modified
2025-08-09T20:01:26Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

Database specific 
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/nlnetlabs/unbound

Affected ranges

Type
GIT
Repo
https://github.com/nlnetlabs/unbound
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
34e52a4313d59b9d57e928c44300fd81e1a48910

Database specific 

{
    "vanir_signatures": [
        {
            "target": {
                "file": "ipsecmod/ipsecmod.c",
                "function": "call_hook"
            },
            "id": "CVE-2019-25038-22a971d4",
            "source": "https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910",
            "digest": {
                "length": 2050.0,
                "function_hash": "303465733232096823978517449070123341908"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "deprecated": false
        },
        {
            "target": {
                "file": "ipsecmod/ipsecmod.c"
            },
            "id": "CVE-2019-25038-ed5fda81",
            "source": "https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910",
            "digest": {
                "line_hashes": [
                    "70553163538034000960962883838447906720",
                    "62147787479526802497929393542831647967",
                    "43794976847243337970009644075751210128",
                    "206854229777134557726766374652661591754",
                    "22497931369453821656061072947680439892",
                    "242433969134937716326432553874698764934",
                    "152938100667906096131479708143832401450",
                    "46101062252850330511575173918983145724",
                    "157362141640837772740229871849226310613",
                    "264538954822069397443472615122773019789",
                    "143496833277953931355852379224938644257",
                    "203480266179038306884326564596176499939",
                    "73665829503106289032328800348605369082",
                    "52655954125939492573192009812488428936",
                    "230510070027535029623236987883043298098",
                    "55963106386066207446778033336776991557",
                    "212464111113386431760714608928832136845",
                    "324317679674959875372319663952451420433",
                    "145501367096330326271927998536912673132",
                    "7712312671338711946672425055757003510",
                    "194469914231690406518933733543167455343",
                    "337078465626256361135521580377815858255",
                    "69551360486834579820395484095932616453",
                    "220932950267901280906770376209241638547",
                    "151806495451079858604557862390711251772",
                    "323984524004576252695495354068249264428",
                    "159125170216428001982894041239002846868",
                    "313604412320883742384448830965984522380",
                    "23897712633339973223394152662924014280",
                    "38388900261996797264813407465142516282",
                    "317076279302621377901973555687290557121",
                    "226533621284668773151351540579066444426",
                    "125136969720913860571958183594799194979",
                    "29149951929535913424346922945050149000",
                    "276850585468923192981327481397947013256",
                    "106906077810546410056895284908258869603",
                    "321648861069286777914698546075854336991",
                    "329099943122094127043805942847111155503",
                    "268976628581068154189092415548339107624",
                    "216521024988449076787229928756721242292",
                    "272369404287204970864515064130729912166",
                    "173702320536478764984116801009380616093",
                    "217779352477091361310529382652262637628",
                    "206316453957424109683099858931641700972",
                    "160248007866213256693231605169867630647",
                    "116009048536553657149447497080385657406",
                    "323984524004576252695495354068249264428",
                    "315173114953696267668618285516325708852",
                    "83901963534077062432336834987362808731",
                    "271513679856295084688565457535021362732",
                    "296253931515678179339484311338481206675",
                    "297974649863533103736763988090693906104",
                    "118871358511266717950982875254055733303",
                    "162379569995058781279607653043713940509",
                    "152854346008092563513635124784708029520",
                    "131926960543874682953641937570941013521",
                    "96634251516368624315815557265261067079",
                    "262734782257050881731445987591207587340",
                    "60721623658936596335710612399404057500",
                    "126095431476034665070989077541763716606",
                    "167700405682410954493352853114581197547"
                ],
                "threshold": 0.9
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "deprecated": false
        }
    ]
}