CVE-2011-1922

NameCVE-2011-1922
Descriptiondaemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
unbound (PTS)stretch1.6.0-3+deb9u2fixed
buster1.9.0-2+deb10u1fixed
buster (security)1.9.0-2+deb10u2fixed
bullseye, sid1.10.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
unboundsource(unstable)1.4.10-1unimportant
unboundsourcelenny1.4.6-1~lenny2unimportant
unboundsourcesqueeze1.4.6-1+squeeze2unimportant

Notes

http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt
asserts not enabled in Debian build

Search for package or bug name: Reporting problems