Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2163
HistoryMay 15, 2023 - 7:47 a.m.

Advisory ROSA-SA-2023-2163

2023-05-1507:47:58
ROSA LAB
abf.rosalinux.ru
8

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON

Software: unbound 1.16.2
OS: ROSA Virtualization 2.1

package_evr_string: unbound-1.16.2-2.rv3.src.rpm

CVE-ID: CVE-2019-25032
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC: Unbound before 1.9.5 allows integer overflow in the regional allocator via regional_alloc.
CVE-STATUS: Fixed
CVE-REV: Run the yum update unbound command to close it

CVE-ID: CVE-2019-25033
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC: Unbound before version 1.9.5 allows integer overflow in the regional allocator using the ALIGN_UP macro.
CVE-STATUS: Fixed
CVE-REV: Run the yum update unbound command to close it

CVE-ID: CVE-2019-25034
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC: Unbound before version 1.9.5 allows integer overflow in sldns_str2wire_dname_dname_buf_origin, resulting in writes outside the bounds.
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update unbound command

CVE-ID: CVE-2019-25035
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC: Unbound to version 1.9.5 allows out-of-bounds writes to sldns_bget_token_par.
CVE-STATUS: Unbounded
CVE-REV: Run the yum update unbound command to close it

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchunbound< 1.16.2UNKNOWN

Related

ubuntucve 4
nessus 29
openvas 18
osv 3
debian 1
amazon 2
cve 4
debiancve 4
redhatcve 4
photon 7
cloudfoundry 1
prion 4
suse 1
veracode 4
redhat 10
ubuntu 1
almalinux 1
oraclelinux 1
rocky 1
ibm 2
ubuntucve
ubuntucve
CVE-2019-25033
2021-04-27 00:00:00
CVE-2019-25034
2021-04-27 00:00:00
CVE-2019-25035
2021-04-27 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.6 : unbound (EulerOS-SA-2022-1150)
2022-02-13 00:00:00
EulerOS 2.0 SP8 : unbound (EulerOS-SA-2021-2318)
2021-08-10 00:00:00
EulerOS 2.0 SP9 : unbound (EulerOS-SA-2021-2285)
2021-08-09 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1299)
2023-01-31 00:00:00
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2022-1150)
2022-02-13 00:00:00
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2022-1100)
2022-02-13 00:00:00
osv
osv
unbound1.9 - security update
2021-05-06 00:00:00
unbound vulnerabilities
2021-05-06 12:58:29
Moderate: unbound security, bug fix, and enhancement update
2021-05-18 06:15:09
debian
debian
[SECURITY] [DLA 2652-1] unbound1.9 security update
2021-05-06 21:58:25
amazon
amazon
Medium: unbound
2021-07-01 01:09:00
Medium: unbound
2021-07-01 01:09:00
cve
cve
CVE-2019-25034
2021-04-27 06:15:00
CVE-2019-25035
2021-04-27 06:15:00
CVE-2019-25033
2021-04-27 06:15:00
debiancve
debiancve
CVE-2019-25035
2021-04-27 06:15:00
CVE-2019-25034
2021-04-27 06:15:00
CVE-2019-25033
2021-04-27 06:15:00
redhatcve
redhatcve
CVE-2019-25035
2021-04-28 19:36:13
CVE-2019-25033
2021-04-28 19:36:05
CVE-2019-25034
2021-04-28 19:36:10
photon
photon
Critical Photon OS Security Update - PHSA-2021-0236
2021-05-13 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0236
2021-05-13 00:00:00
Critical Photon OS Security Update - PHSA-2021-0342
2021-05-05 00:00:00
cloudfoundry
cloudfoundry
USN-4938-1: Unbound vulnerabilities | Cloud Foundry
2021-06-11 00:00:00
prion
prion
Integer overflow
2021-04-27 06:15:00
Integer overflow
2021-04-27 06:15:00
Design/Logic Flaw
2021-04-27 06:15:00
suse
suse
Security update for unbound (important)
2022-01-25 00:00:00
veracode
veracode
Arbitrary Code Execution
2021-05-24 09:01:02
Denial Of Service (DoS)
2021-05-20 15:27:38
Denial Of Service (DoS)
2021-05-20 15:27:42
redhat
redhat
(RHSA-2024:0749) Moderate: unbound security update
2024-02-08 17:22:26
(RHSA-2021:1853) Moderate: unbound security, bug fix, and enhancement update
2021-05-18 06:15:09
(RHSA-2022:0632) Moderate: unbound security update
2022-02-22 14:34:04
ubuntu
ubuntu
Unbound vulnerabilities
2021-05-06 00:00:00
almalinux
almalinux
Moderate: unbound security, bug fix, and enhancement update
2021-05-18 06:15:09
oraclelinux
oraclelinux
unbound security, bug fix, and enhancement update
2021-05-25 00:00:00
rocky
rocky
unbound security, bug fix, and enhancement update
2021-05-18 06:15:09
ibm
ibm
Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.
2024-01-16 20:00:29
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.
2023-01-06 21:25:02

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

71.8%

JSON
Related for ROSA-SA-2023-2163
ubuntucve4nessus29openvas18osv3debian1amazon2cve4debiancve4redhatcve4photon7cloudfoundry1prion4suse1veracode4redhat10ubuntu1almalinux1oraclelinux1rocky1ibm2