CVE-2011-1922

Summary

daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.

Impact & exploitability

AV:N/AC:M/Au:N/C:N/I:N/A:P

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt ↗

Additional information

• NVD record
• http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txtPatch
• http://www.kb.cert.org/vuls/id/531342Patch
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061243.html
• http://osvdb.org/72750
• http://secunia.com/advisories/44865
• http://www.securityfocus.com/bid/47986
• https://exchange.xforce.ibmcloud.com/vulnerabilities/67645