Multiple vulnerabilities in Unbound DNS Server



Published: 2021-05-10
Risk High
Patch available YES
Number of vulnerabilities 12
CVE ID CVE-2019-25033
CVE-2019-25034
CVE-2019-25036
CVE-2019-25037
CVE-2019-25032
CVE-2019-25041
CVE-2019-25042
CVE-2019-25039
CVE-2019-25038
CVE-2019-25040
CVE-2019-25035
CVE-2019-25031
CWE ID CWE-190
CWE-617
CWE-787
CWE-835
CWE-74
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Unbound
Server applications / DNS servers

Vendor NLnet Labs

Security Advisory

1) Integer overflow

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25033

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in regional allocator. A remote attacker can pass specially crafted data to the server via the ALIGN_UP macro, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25034

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the sldns_str2wire_dname_buf_origin() function. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable Assertion

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25036

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the synth_cname() function. A remote attacker can send specially crafted data to the server, trigger an assertion failure and perform a DoS attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4, 1.13.1

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Reachable Assertion

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25037

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dname_pkt_copy() function. A remote attacker can send specially crafted packets to the DNS server, trigger an assertion failure and perform a DoS attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25032

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in the regional_alloc() function. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Reachable Assertion

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25041

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the dname_pkt_copy() function when processing compressed names. A remote attacker can send specially crafted data to the DNS server, trigger an assertion failure and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.9.0 rc1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds write

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25042

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the rdata_copy() function. A remote attacker can send specially crafted data to the DNS server, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25039

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in respip/respip.c. A remote attacker can pass specially crafted data to the server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25038

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in dnscrypt/dnscrypt.c. A remote attacker can pass specially crafted data to the Unbound DNS server, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Infinite loop

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25040

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the dname_pkt_copy() function when processing compressed names. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds write

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25035

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error within the sldns_bget_token_par() function in sldns/parse.c. A remote attacker can send specially crafted data to the DNS server, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4, 1.13.1

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Code injection

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-25031

CWE-ID: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper input validation within the contrib/create_unbound_ad_servers.sh script, when retrieving data before writing them into a configuration file. A remote non-authenticated attacker with ability to perform MitM attack can intercept and change Unbound configuration, as the input is retrieved via unencrypted HTTP channel.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Unbound: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.3 rc1, 1.3.4, 1.4.0, 1.4.0 rc1, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.4 rc1, 1.4.5, 1.4.5 rc1, 1.4.6, 1.4.6 rc1, 1.4.7, 1.4.7 rc1, 1.4.8, 1.4.8 rc1, 1.4.9, 1.4.9 rc1, 1.4.10, 1.4.11, 1.4.11 rc1, 1.4.11 rc2, 1.4.11 rc3, 1.4.12, 1.4.12 rc1, 1.4.13, 1.4.13 rc1, 1.4.13 rc2, 1.4.13p1, 1.4.13p2, 1.4.14, 1.4.14 rc1, 1.4.15, 1.4.15 rc1, 1.4.16, 1.4.17, 1.4.17 rc1, 1.4.18, 1.4.18 rc1, 1.4.18 rc2, 1.4.19, 1.4.19 rc1, 1.4.20, 1.4.20 rc1, 1.4.21, 1.4.21 rc1, 1.4.22, 1.4.22 rc1, 1.5.0, 1.5.0 rc1, 1.5.1, 1.5.1 rc1, 1.5.1 rc2, 1.5.2, 1.5.2 rc1, 1.5.3, 1.5.3 rc1, 1.5.4, 1.5.4 rc1, 1.5.5, 1.5.5 rc1, 1.5.6, 1.5.6 rc1, 1.5.7, 1.5.7 rc1, 1.5.8, 1.5.8 rc1, 1.5.9, 1.5.9 rc1, 1.5.10, 1.5.10 rc1, 1.6.0, 1.6.0 rc1, 1.6.1, 1.6.1 rc1, 1.6.1 rc2, 1.6.1 rc3, 1.6.2, 1.6.2 rc1, 1.6.3, 1.6.4, 1.6.4 rc1, 1.6.4 rc2, 1.6.5, 1.6.6, 1.6.6 rc1, 1.6.6 rc2, 1.6.7, 1.6.7 rc1, 1.6.8, 1.7.0, 1.7.0 rc1, 1.7.0 rc2, 1.7.0 rc3, 1.7.1, 1.7.1 rc1, 1.7.2, 1.7.2 rc1, 1.7.3, 1.7.3 rc1, 1.7.3 rc2, 1.8.0, 1.8.0 rc1, 1.8.1, 1.8.1 rc1, 1.8.2, 1.8.2 rc1, 1.8.3, 1.9.0, 1.9.0 rc1, 1.9.1, 1.9.1 rc1, 1.9.2, 1.9.2 rc1, 1.9.2 rc2, 1.9.2 rc3, 1.9.3, 1.9.3 rc1, 1.9.3 rc2, 1.9.4

CPE External links

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html
https://security.netapp.com/advisory/ntap-20210507-0007/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###