Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. Reference: https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/
Upstream patch: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe
Statement: According to the original report there are checks happening before the affected function that make this not exploitable. For these reasons its Impact is Moderate.
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:1853 https://access.redhat.com/errata/RHSA-2021:1853
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-25041
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:0632 https://access.redhat.com/errata/RHSA-2022:0632