unbound: pointer dereference in uninitialized memory (CVE-2019-16866)
Due to an error in parsing NOTIFY queries, Unbound may continue processing malformed queries, which may ultimately result in a pointer dereference in uninitialized memory. This results in a crash of the Unbound daemon.
Whether this issue leads to a crash depends on the content of the uninitialized memory space and cannot be predicted. This issue can only be triggered by queries received from addresses that are allowed to send queries according to Unbound's ACL (access-control in the Unbound configuration).
Affected Versions:
Unbound 1.7.1 up to and including 1.9.3.
Fixed In Version:
Unbound 1.9.4
References:
- https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
- https://nvd.nist.gov/vuln/detail/CVE-2019-16866
Patch:
https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
Affected branches:
- master (07f51c5e)
- 3.10-stable
- 3.9-stable
- 3.8-stable
Edited by Kevin Daudt
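The description ties exposure to two things: the Unbound version and which source addresses `access-control` lets send queries. The following is an added example (not part of the original issue or of Unbound) that checks both; the function names and the sample configuration are constructed for illustration, and treating only the `allow*` actions as "allowed to send queries" is an assumption.

```python
import ipaddress
import re

AFFECTED_MIN, AFFECTED_MAX = (1, 7, 1), (1, 9, 3)   # range stated in the advisory
ALLOWING = {"allow", "allow_setrd", "allow_snoop"}  # assumption: actions that permit queries

# Constructed sample configuration, not taken from any real host.
SAMPLE_CONF = """\
server:
    interface: 0.0.0.0
    access-control: 127.0.0.0/8 allow
    access-control: ::1 allow
    access-control: 10.0.0.0/8 allow_snoop   # internal resolvers
    access-control: 192.0.2.0/24 refuse
    access-control: 0.0.0.0/0 allow
"""

def is_affected(version):
    """True if an upstream Unbound version (e.g. '1.9.3' or '1.9.3-r0') is in range."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX

def allowed_sources(conf_text):
    """Netblocks whose access-control action lets them send queries."""
    nets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        m = re.match(r"access-control:\s*(\S+)\s+(\S+)", line)
        if m and m.group(2) in ALLOWING:
            nets.append(ipaddress.ip_network(m.group(1), strict=False))
    return nets

def exposure(version, conf_text):
    """Non-loopback netblocks that can reach the NOTIFY parsing path on an affected version.

    Unbound applies the most specific matching netblock, so a narrower
    deny/refuse entry still carves addresses out of a block listed here.
    """
    if not is_affected(version):
        return []
    return [n for n in allowed_sources(conf_text) if not n.is_loopback]

if __name__ == "__main__":
    for net in exposure("1.9.3", SAMPLE_CONF):
        print(f"affected version reachable from {net}")
```

The version check compares upstream version numbers only, so a distribution package that carries the patch on an in-range version still has to be confirmed from its changelog.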