unbound (SUSE:Manager Server 4.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager Server 4.1 package unbound, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (13)
CVE-2019-25038 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a…
CVE-2019-25039 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a…
CVE-2019-25034 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor…
CVE-2019-25042 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a…
CVE-2019-25035 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability…
CVE-2019-25032 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a…
CVE-2019-25033 — CVSS 9.8 (critical): Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a…
CVE-2019-25041 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a…
CVE-2019-25036 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a…
CVE-2019-25037 — CVSS 7.5 (high): Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes…
CVE-2019-25040 — CVSS 7.5 (high): Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a…
CVE-2019-25031 — CVSS 5.9 (medium): Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a…
CVE-2020-28935 — CVSS 5.5 (medium): NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local…