ALPINE-CVE-2019-18934 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2019-18934 PUBLISHED CVSS 7.300000190734863 HIGH

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.

Risk Scores

CVSS v3.1

7.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Alpine:v3.14	unbound	1.6.2-r0, 1.5.10-r0, 1.5.1-r0
Alpine:v3.12	unbound	1.7.1-r0, 0, 1.4.10-r0
Alpine:v3.9	unbound	1.4.22-r1, 1.4.21-r1, 1.4.21-r2
Alpine:v3.16	unbound	1.9.2-r0, 1.9.1-r2, 1.9.1-r1
Alpine:v3.15	unbound	1.8.3-r0, 1.9.4-r1, 1.9.4-r0
Alpine:v3.10	unbound	1.5.6-r3, 1.5.6-r2, 1.5.6-r1
Alpine:v3.17	unbound	1.7.1-r0, 0, 1.4.10-r0
Alpine:v3.8	unbound	1.5.8-r0, 1.5.8-r1, 1.5.9-r0
Alpine:v3.18	unbound	1.4.10-r2, 1.4.10-r3, 1.4.13-r0
Alpine:v3.21	unbound	1.4.10-r0, 1.9.4-r1, 1.9.4-r0
Alpine:v3.23	unbound	0, 1.9.4-r0, 1.9.4-r1
Alpine:v3.13	unbound	0, 1.9.4-r1, 1.9.4-r0
Alpine:v3.20	unbound	0, 1.9.1-r2, 1.9.2-r0
Alpine:v3.22	unbound	1.9.3-r0, 0, 1.4.10-r0
Alpine:v3.19	unbound	0, 1.4.10-r0, 1.4.10-r1
Alpine:v3.11	unbound	1.9.4-r1, 0, 1.4.10-r0

Timeline

Nov 19, 2019 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2019-18934 advisory

Open in Interactive Console →