CVE-2019-16866 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-16866 Interim 1 24 2026-03-05T06:07:39Z current 2021-05-30T14:32:01Z 2026-03-05T06:07:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-16866 Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP1 openSUSE Tumbleweed libunbound2 libunbound8-1.13.2-1.2 libunbound8-1.17.1-2.15 libunbound8-1.21.0-slfo.1.1_1.2 libunbound8-1.23.1-160000.1.2 python3-unbound-1.13.2-1.2 python3-unbound-1.23.1-160000.1.2 unbound unbound-1.13.2-1.2 unbound-1.23.1-160000.1.2 unbound-anchor unbound-anchor-1.13.2-1.2 unbound-anchor-1.17.1-2.15 unbound-anchor-1.21.0-slfo.1.1_1.2 unbound-anchor-1.23.1-160000.1.2 unbound-devel unbound-devel-1.13.2-1.2 unbound-devel-1.23.1-160000.1.2 unbound-munin-1.13.2-1.2 libunbound8-1.23.1-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 python3-unbound-1.23.1-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 unbound-1.23.1-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 unbound-anchor-1.23.1-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 unbound-devel-1.23.1-160000.1.2 as a component of SUSE Linux Enterprise Server 16.0 libunbound8-1.17.1-2.15 as a component of SUSE Linux Micro 6.0 unbound-anchor-1.17.1-2.15 as a component of SUSE Linux Micro 6.0 libunbound8-1.21.0-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 unbound-anchor-1.21.0-slfo.1.1_1.2 as a component of SUSE Linux Micro 6.1 libunbound8-1.13.2-1.2 as a component of openSUSE Tumbleweed python3-unbound-1.13.2-1.2 as a component of openSUSE Tumbleweed unbound-1.13.2-1.2 as a component of openSUSE Tumbleweed unbound-anchor-1.13.2-1.2 as a component of openSUSE Tumbleweed unbound-devel-1.13.2-1.2 as a component of openSUSE Tumbleweed unbound-munin-1.13.2-1.2 as a component of openSUSE Tumbleweed libunbound2 as a component of SUSE Linux Enterprise Module for Basesystem 15 unbound-anchor as a component of SUSE Linux Enterprise Module for Basesystem 15 unbound-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 unbound as a component of SUSE Linux Enterprise Module for Basesystem 15 libunbound2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 unbound-anchor as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 unbound-devel as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 unbound as a component of SUSE Linux Enterprise Module for Basesystem 15 SP1 Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. CVE-2019-16866 SUSE Linux Enterprise Server 16.0:libunbound8-1.23.1-160000.1.2 SUSE Linux Enterprise Server 16.0:python3-unbound-1.23.1-160000.1.2 SUSE Linux Enterprise Server 16.0:unbound-1.23.1-160000.1.2 SUSE Linux Enterprise Server 16.0:unbound-anchor-1.23.1-160000.1.2 SUSE Linux Enterprise Server 16.0:unbound-devel-1.23.1-160000.1.2 SUSE Linux Micro 6.0:libunbound8-1.17.1-2.15 SUSE Linux Micro 6.0:unbound-anchor-1.17.1-2.15 SUSE Linux Micro 6.1:libunbound8-1.21.0-slfo.1.1_1.2 SUSE Linux Micro 6.1:unbound-anchor-1.21.0-slfo.1.1_1.2 openSUSE Tumbleweed:libunbound8-1.13.2-1.2 openSUSE Tumbleweed:python3-unbound-1.13.2-1.2 openSUSE Tumbleweed:unbound-1.13.2-1.2 openSUSE Tumbleweed:unbound-anchor-1.13.2-1.2 openSUSE Tumbleweed:unbound-devel-1.13.2-1.2 openSUSE Tumbleweed:unbound-munin-1.13.2-1.2 SUSE Linux Enterprise Module for Basesystem 15 SP1:libunbound2 SUSE Linux Enterprise Module for Basesystem 15 SP1:unbound SUSE Linux Enterprise Module for Basesystem 15 SP1:unbound-anchor SUSE Linux Enterprise Module for Basesystem 15 SP1:unbound-devel SUSE Linux Enterprise Module for Basesystem 15:libunbound2 SUSE Linux Enterprise Module for Basesystem 15:unbound SUSE Linux Enterprise Module for Basesystem 15:unbound-anchor SUSE Linux Enterprise Module for Basesystem 15:unbound-devel important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H