{"id":"CVE-2019-25035","details":"Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited","modified":"2026-04-11T21:02:33.995540Z","published":"2021-04-27T06:15:07.560Z","related":["SUSE-SU-2022:0176-1","SUSE-SU-2022:0176-2","SUSE-SU-2022:0301-1","openSUSE-SU-2022:0176-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"},{"type":"ADVISORY","url":"https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210507-0007/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/unbound","events":[{"introduced":"0"},{"fixed":"34e52a4313d59b9d57e928c44300fd81e1a48910"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.9.5"}],"cpe":"cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*"}}],"versions":["final-svn-state","release-0.0","release-0.1","release-0.10","release-0.11","release-0.3","release-0.4","release-0.5","release-0.6","release-0.7","release-0.8","release-1.0.1","release-1.1.1","release-1.3.1","release-1.3.2","release-1.3.3","release-1.3.3rc1","release-1.4.0","release-1.4.0rc1","release-1.4.1","release-1.4.11","release-1.4.11rc1","release-1.4.11rc2","release-1.4.11rc3","release-1.4.12rc1","release-1.4.13","release-1.4.13rc1","release-1.4.13rc2","release-1.4.14","release-1.4.14rc1","release-1.4.17","release-1.4.17rc1","release-1.4.18rc1","release-1.4.18rc2","release-1.4.19","release-1.4.19rc1","release-1.4.2","release-1.4.20","release-1.4.22","release-1.4.22rc1","release-1.4.3","release-1.4.4","release-1.4.4rc1","release-1.4.5","release-1.4.5rc1","release-1.4.6","release-1.4.6rc1","release-1.4.7","release-1.4.7rc1","release-1.4.8rc1","release-1.4.9","release-1.4.9rc1","release-1.5.0rc1","release-1.5.1","release-1.5.10","release-1.5.10rc1","release-1.5.1rc1","release-1.5.1rc2","release-1.5.2","release-1.5.2rc1","release-1.5.3rc1","release-1.5.4","release-1.5.4rc1","release-1.5.5","release-1.5.5rc1","release-1.5.6","release-1.5.6rc1","release-1.5.7","release-1.5.8","release-1.5.8rc1","release-1.5.9rc1","release-1.6.0rc1","release-1.6.1rc1","release-1.6.1rc2","release-1.6.1rc3","release-1.6.2rc1","release-1.6.4rc1","release-1.6.4rc2","release-1.6.6rc1","release-1.6.6rc2","release-1.6.7","release-1.6.7rc1","release-1.7.0rc1","release-1.7.0rc2","release-1.7.0rc3","release-1.7.1rc1","release-1.7.2rc1","release-1.7.3rc1","release-1.8.0rc1","release-1.8.1rc1","release-1.8.2rc1","release-1.9.0rc1","release-1.9.1rc1","release-1.9.2","release-1.9.2rc1","release-1.9.2rc2","release-1.9.2rc3","release-1.9.3","release-1.9.3rc1","release-1.9.3rc2","release-1.9.4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-25035.json","vanir_signatures":[{"source":"https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910","signature_type":"Function","target":{"function":"call_hook","file":"ipsecmod/ipsecmod.c"},"signature_version":"v1","id":"CVE-2019-25035-22a971d4","digest":{"function_hash":"303465733232096823978517449070123341908","length":2050},"deprecated":false},{"source":"https://github.com/nlnetlabs/unbound/commit/34e52a4313d59b9d57e928c44300fd81e1a48910","signature_type":"Line","target":{"file":"ipsecmod/ipsecmod.c"},"signature_version":"v1","id":"CVE-2019-25035-ed5fda81","digest":{"threshold":0.9,"line_hashes":["70553163538034000960962883838447906720","62147787479526802497929393542831647967","43794976847243337970009644075751210128","206854229777134557726766374652661591754","22497931369453821656061072947680439892","242433969134937716326432553874698764934","152938100667906096131479708143832401450","46101062252850330511575173918983145724","157362141640837772740229871849226310613","264538954822069397443472615122773019789","143496833277953931355852379224938644257","203480266179038306884326564596176499939","73665829503106289032328800348605369082","52655954125939492573192009812488428936","230510070027535029623236987883043298098","55963106386066207446778033336776991557","212464111113386431760714608928832136845","324317679674959875372319663952451420433","145501367096330326271927998536912673132","7712312671338711946672425055757003510","194469914231690406518933733543167455343","337078465626256361135521580377815858255","69551360486834579820395484095932616453","220932950267901280906770376209241638547","151806495451079858604557862390711251772","323984524004576252695495354068249264428","159125170216428001982894041239002846868","313604412320883742384448830965984522380","23897712633339973223394152662924014280","38388900261996797264813407465142516282","317076279302621377901973555687290557121","226533621284668773151351540579066444426","125136969720913860571958183594799194979","29149951929535913424346922945050149000","276850585468923192981327481397947013256","106906077810546410056895284908258869603","321648861069286777914698546075854336991","329099943122094127043805942847111155503","268976628581068154189092415548339107624","216521024988449076787229928756721242292","272369404287204970864515064130729912166","173702320536478764984116801009380616093","217779352477091361310529382652262637628","206316453957424109683099858931641700972","160248007866213256693231605169867630647","116009048536553657149447497080385657406","323984524004576252695495354068249264428","315173114953696267668618285516325708852","83901963534077062432336834987362808731","271513679856295084688565457535021362732","296253931515678179339484311338481206675","297974649863533103736763988090693906104","118871358511266717950982875254055733303","162379569995058781279607653043713940509","152854346008092563513635124784708029520","131926960543874682953641937570941013521","96634251516368624315815557265261067079","262734782257050881731445987591207587340","60721623658936596335710612399404057500","126095431476034665070989077541763716606","167700405682410954493352853114581197547"]},"deprecated":false}],"vanir_signatures_modified":"2026-04-11T21:02:33Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}