Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
I no longer have permission to close this bug, or see what is blocking this. But it's an old resolved issue
This issue could not be triggered by running unbound regularly, but only by injecting the packet directly to the vulnerable function through fuzzing. For this reason its Impact is Moderate.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:1853 https://access.redhat.com/errata/RHSA-2021:1853
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):