Allele Security Alert
ASA-2019-00557
Identifier(s)
ASA-2019-00557, CVE-2019-16866
Title
Vulnerability in parsing NOTIFY queries
Vendor(s)
NLnet Labs
Product(s)
Unbound
Affected version(s)
Unbound version 1.7.1 up to and including version 1.9.3
Fixed version(s)
Unbound version 1.9.4
Proof of concept
Unknown
Description
Due to an error in parsing NOTIFY queries, Unbound can continue processing malformed queries, which may ultimately result in a pointer dereference in uninitialized memory. This results in a crash of the Unbound daemon.
Technical details
Unknown
Credits
X41 D-Sec
Reference(s)
Unbound: Vulnerability in parsing NOTIFY queries
https://www.nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-parsing-notify-queries
CVE-2019-16866.txt
https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
patch_cve_2019-16866
https://www.nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
CVE-2019-16866 | SUSE
https://www.suse.com/security/cve/CVE-2019-16866
https://people.canonical.com/~ubuntu-security/cve/CVE-2019-16866.html
CVE-2019-16866
https://security-tracker.debian.org/tracker/CVE-2019-16866
CVE-2019-16866
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16866
CVE-2019-16866
https://nvd.nist.gov/vuln/detail/CVE-2019-16866
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 14, 2019