In the Unbound DNS server
The vulnerability is caused by the transmission of unescaped characters when calling the ipsecmod-hook shell command, if a request is received for a domain for which there are A/AAAA and IPSECKEY records. Code substitution is carried out by specifying a specially designed domain name in the qname and gateway fields associated with the IPSECKEY record.
Source: opennet.ru