{
  "threat_severity" : "Moderate",
  "public_date" : "2019-12-11T00:00:00Z",
  "bugzilla" : {
    "description" : "unbound: out-of-bounds write via a compressed name in rdata_copy",
    "id" : "1954804",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1954804"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited", "A flaw was found in unbound. An out-of-bounds write in the rdata_copy function may be abused by a remote attacker. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability." ],
  "statement" : "According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate. Upstream has also disputed this CVE.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2021-05-18T00:00:00Z",
    "advisory" : "RHSA-2021:1853",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "unbound-0:1.7.3-15.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-02-22T00:00:00Z",
    "advisory" : "RHSA-2022:0632",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "unbound-0:1.7.3-12.el8_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "unbound",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-25042\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-25042" ],
  "name" : "CVE-2019-25042",
  "csaw" : false
}