PT-2024-5867 · Nlnet+4 · Unbound+4

Xiaoxiaoafeifei

Published

2024-08-08

Updated

2025-08-24

CVE-2024-43168

CVSS v3.1

4.8

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Unbound (affected versions not specified)

Description A heap-buffer-overflow flaw was found in the cfg mark ports function within Unbound's config file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

AZL-47774

AZL-47776

BDU:2024-06649

CVE-2024-43168

DLA-3903-1

DLA-4280-1

OESA-2024-2025

USN-6998-1

Affected Products

Debian

Linuxmint

Red Os

Ubuntu

Unbound

PT-2024-5867 · Nlnet+4 · Unbound+4

CVE-2024-43168

Weakness Enumeration

Related Identifiers

Affected Products

References · 31