cve/2019/CVE-2019-25034.md

CVE-2019-25034

Description

** DISPUTED ** Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited.

POC

Reference

• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
• https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

Github

• https://github.com/ARPSyndicate/cvemon