UNBOUND DNS Resolver: Vulnerability in IPSEC module
-
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
pfSense uses 1.9.1. Is there a patch/update available for pfSense?
Excerpt:
The CVE number for this vulnerability is CVE-2019-18934 Summary Recent versions of Unbound contain a vulnerability that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. Affected products Unbound 1.6.4 up to and including 1.9.4. Solution Download patched version of Unbound, or apply the patch manually.
-
@elvisimprsntr said in UNBOUND DNS Resolver: Vulnerability in IPSEC module:
--enable-ipsecmod
it is not compiled with that flag
-
pfSense does not use the Unbound ipsec module, so it's a non-issue.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.