Versions mentioned in the description apply to the upstream
Remediation section below for
Debian:10 relevant versions.
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
unbound to version 1.4.10-1 or higher.