Skip to main content

Unbound CVE-2019-16866

HIGH
Improper Handling of Exceptional Conditions (CWE-755)
2019-10-03 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 03, 2019 - 19:15 nvd
HIGH 7.5

DescriptionNVD

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.

AnalysisAI

Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-755. Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. Affected products include: Nlnetlabs Unbound, Canonical Ubuntu Linux. Version information: before 1.9.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-18934 HIGH POC
7.3 Nov 19

Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiv

CVE-2026-33278 CRITICAL
9.1 May 20

Use-after-free in the DNSSEC validator of NLnet Labs Unbound resolver versions 1.19.1 through 1.25.0 allows remote attac

CVE-2026-42959 HIGH
8.7 May 20

Remote denial of service in NLnet Labs Unbound recursive DNS resolver (versions up to and including 1.25.0) allows an at

CVE-2026-42944 HIGH
8.7 May 20

Heap overflow denial-of-service in NLnet Labs Unbound recursive DNS resolver versions 1.14.0 through 1.25.0 allows remot

CVE-2022-3204 HIGH
7.5 Sep 26

A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolv

CVE-2020-10772 HIGH
7.5 Nov 27

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020

CVE-2020-12663 HIGH
7.5 May 19

Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. Rated high severity

CVE-2020-12662 HIGH
7.5 May 19

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. Rated high severity

CVE-2024-1488 HIGH
7.3 Feb 15

A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound grou

CVE-2026-42534 MEDIUM
6.9 May 20

Resolution performance degradation in NLnet Labs Unbound 1.25.0 and earlier allows an unauthenticated remote attacker -

CVE-2026-44390 MEDIUM
6.9 May 20

Denial of service in NLnet Labs Unbound 1.25.0 and earlier allows remote unauthenticated attackers to exhaust CPU resour

CVE-2026-41292 MEDIUM
6.6 May 20

Unbound DNS resolver versions up to and including 1.25.0 allow remote unauthenticated attackers to degrade or deny servi

Share

CVE-2019-16866 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy