{"id":"CVE-2019-25031","details":"Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation","modified":"2026-05-28T04:05:08.940353869Z","published":"2021-04-27T06:15:07.447Z","related":["SUSE-SU-2022:0176-1","SUSE-SU-2022:0176-2","SUSE-SU-2022:0301-1","openSUSE-SU-2022:0176-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux","source":"CPE_STRING","extracted_events":[{"last_affected":"9.0"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"},{"type":"ADVISORY","url":"https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210507-0007/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/unbound","events":[{"introduced":"0"},{"fixed":"34e52a4313d59b9d57e928c44300fd81e1a48910"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.9.5"}],"cpe":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*","source":"CPE_RANGE"}}],"versions":["release-1.9.4","release-1.9.3rc2","release-1.9.3","release-1.9.3rc1","release-1.9.2","release-1.9.2rc3","release-1.9.2rc1","release-1.9.2rc2","final-svn-state","release-1.9.1rc1","release-1.9.0rc1","release-1.8.2rc1","release-1.8.1rc1","release-1.8.0rc1","release-1.7.3rc1","release-1.7.2rc1","release-1.7.1rc1","release-1.7.0rc3","release-1.7.0rc2","release-1.7.0rc1","release-1.6.7","release-1.6.7rc1","release-1.6.6rc2","release-1.6.6rc1","release-1.6.4rc2","release-1.6.4rc1","release-1.6.2rc1","release-1.6.1rc3","release-1.6.1rc2","release-1.6.1rc1","release-1.6.0rc1","release-1.5.10rc1","release-1.5.10","release-1.5.9rc1","release-1.5.8rc1","release-1.5.8","release-1.5.7","release-1.5.6","release-1.5.6rc1","release-1.5.5","release-1.5.5rc1","release-1.5.4rc1","release-1.5.4","release-1.5.3rc1","release-1.5.2","release-1.5.2rc1","release-1.5.1","release-1.5.1rc2","release-1.5.1rc1","release-1.5.0rc1","release-1.4.22","release-1.4.22rc1","release-1.4.20","release-1.4.19","release-1.4.19rc1","release-1.4.18rc2","release-1.4.18rc1","release-1.4.17","release-1.4.17rc1","release-1.4.14","release-1.4.14rc1","release-1.4.13","release-1.4.13rc2","release-1.4.13rc1","release-1.4.12rc1","release-1.4.11rc3","release-1.4.11","release-1.4.11rc2","release-1.4.11rc1","release-1.4.9","release-1.4.9rc1","release-1.4.8rc1","release-1.4.7","release-1.4.7rc1","release-1.4.6","release-1.4.6rc1","release-1.4.5","release-1.4.5rc1","release-1.4.4","release-1.4.4rc1","release-1.4.3","release-1.4.2","release-1.4.1","release-1.4.0","release-1.4.0rc1","release-1.3.3","release-1.3.3rc1","release-1.3.2","release-1.3.1","release-1.1.1","release-1.0.1","release-0.11","release-0.10","release-0.8","release-0.7","release-0.6","release-0.5","release-0.4","release-0.3","release-0.1","release-0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-25031.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}