{
  "threat_severity" : "Moderate",
  "public_date" : "2019-12-11T00:00:00Z",
  "bugzilla" : {
    "description" : "unbound: integer overflow in the regional allocator via the ALIGN_UP macro",
    "id" : "1954775",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1954775"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited", "A flaw was found in unbound. An integer overflow in the regional allocator via the ALIGN_UP macro may lead to a buffer overflow if the size can be controlled by an attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability." ],
  "statement" : "There is no available reproducer or proof of concept for this issue, nor it was ever proven the buffer overflow can happen in practice. Indeed this issue was initially considered just as \"side-finding\", according to the original report, and for this reason its Impact is Moderate. Upstream has also disputed this CVE.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-11-08T00:00:00Z",
    "advisory" : "RHSA-2022:7622",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "unbound-0:1.16.2-2.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2024-02-08T00:00:00Z",
    "advisory" : "RHSA-2024:0749",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.6",
    "package" : "unbound-0:1.7.3-17.el8_6.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-25033\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25033" ],
  "name" : "CVE-2019-25033",
  "csaw" : false
}