VDB
CVE-2019-18934
CVE-2019-18934
PUBLISHED
CVSS 6.800000190734863 MEDIUM
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
EPSS 0.67% · 71.8th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
0.67%
71.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 31 |
| nlnetlabs | unbound | 1.6.4 |
| n/a | n/a | * |
| opensuse | leap | 15.1, 15.2 |
Exploit Intelligence
- http://www.openwall.com/lists/oss-security/2019/11/19/1 (nist-nvd)
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt (circl)
- https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog (circl)
- https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/ (circl)
- FEDORA-2019-a29e620cd4 (circl)
- openSUSE-SU-2020:0912 (circl)
- openSUSE-SU-2020:0913 (circl)
Timeline
- Nov 19, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- [oss-security] 20191119 CVE-2019-18934 Unbound: Vulnerability in IPSEC module mailing-list
- https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt url
- https://github.com/NLnetLabs/unbound/blob/release-1.9.5/doc/Changelog url
- https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released/ url
- FEDORA-2019-a29e620cd4 vendor-advisory
- openSUSE-SU-2020:0912 vendor-advisory
- openSUSE-SU-2020:0913 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-18934 advisory
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCR6JP7MSRARTOGEHGST64G4FJGX5VK url
- https://www.nlnetlabs.nl/news/2019/Nov/19/unbound-1.9.5-released url