Re: CVE 2024 1931 - unbound
Date: Sat, 29 Jun 2024 18:40:34 UTC
"Wall, Stephen" <stephen.wall@redcom.com> writes:
> This CVE lists unbound 1.19.1 as being vulnerable. This is the
> version currently included in 14.0, but there is no Security Advisory
> for it. Does this mean that the base system unbound can’t be used in
> a way that makes it vulnerable, or is this something that needs to be
> addressed?

The base system unbound is meant to be used with a configuration generated by `local-unbound-setup`, which never enables the `ede` option which is a prerequisite for the DoS attack described in CVE-2024-1931.

DES (speaking only for himself)
--
Dag-Erling Smørgrav - des@FreeBSD.org
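One way to confirm that a given unbound configuration does not enable the `ede` prerequisite mentioned in the reply above. This is an added example, not part of the original message and not FreeBSD or unbound code; it assumes relative `include:` paths resolve against the including file's directory, and the sample configurations in `demo()` are constructed.

```python
import glob
import os
import re
import tempfile

# "ede: yes|no" only; must not match "ede-serve-expired:". Values may be quoted.
EDE_RE = re.compile(r'^\s*ede\s*:\s*"?(yes|no)"?\s*$', re.I)
INCLUDE_RE = re.compile(r'^\s*include(?:-toplevel)?\s*:\s*"?([^"]+?)"?\s*$')

def ede_settings(path, seen=None):
    """Return [(file, line_no, value)] for each ede: line, following includes."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen or not os.path.isfile(real):
        return []
    seen.add(real)  # guards against include loops
    hits = []
    with open(real, encoding="utf-8", errors="replace") as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.split("#", 1)[0]  # drop comments
            m = EDE_RE.match(line)
            if m:
                hits.append((real, line_no, m.group(1).lower()))
            m = INCLUDE_RE.match(line)
            if m:
                # Assumption: relative includes resolve against this file's directory.
                pattern = os.path.join(os.path.dirname(real), m.group(1))
                for inc in sorted(glob.glob(pattern)):
                    hits += ede_settings(inc, seen)
    return hits

def ede_enabled(path):
    """Conservative: True if any reachable file sets ede: yes (default is no)."""
    return any(value == "yes" for _, _, value in ede_settings(path))

def demo():
    """Run the check on two constructed config trees and return the verdicts."""
    fragments = {"ede_off": "server:\n  # ede: yes\n  ede-serve-expired: yes\n",
                 "ede_on": "server:\n  ede: yes\n"}
    verdicts = {}
    for name, fragment in fragments.items():
        with tempfile.TemporaryDirectory() as d:
            os.mkdir(os.path.join(d, "conf.d"))
            with open(os.path.join(d, "conf.d", "extra.conf"), "w") as fh:
                fh.write(fragment)
            with open(os.path.join(d, "unbound.conf"), "w") as fh:
                fh.write('server:\n  verbosity: 1\ninclude: "conf.d/*.conf"\n')
            verdicts[name] = ede_enabled(os.path.join(d, "unbound.conf"))
    return verdicts
```

Call `ede_enabled()` with the path of the configuration file the resolver actually loads; `ede_settings()` lists the file and line of every match for follow-up.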