CVE-2024-43167

CVSS v3.1

2.8

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Unbound (affected versions not specified)

Description A NULL pointer dereference flaw was found in the ub ctx set fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub ctx set fwd and ub ctx resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-47771

AZL-47779

BDU:2024-06648

CVE-2024-43167

DLA-3903-1

DLA-4280-1

MGASA-2024-0293

OESA-2024-2025

OPENSUSE-SU-2024:14270-1

OPENSUSE-SU-2024_3074-1

OPENSUSE-SU-2024_3111-1

SUSE-SU-2024:3074-1

SUSE-SU-2024:3111-1

SUSE-SU-2024_3074-1

SUSE-SU-2024_3111-1

USN-6998-1

Affected Products

Debian

Linuxmint

Red Os

Suse

Ubuntu

Unbound

CVE-2024-43167

Weakness Enumeration

Related Identifiers

Affected Products

References · 44