CVE-2024-43167

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43167
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43167.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43167
Related
Published
2024-08-12T13:38:35Z
Modified
2024-10-21T22:45:35.181939Z
Summary
[none]
Details

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ubctxsetfwd and ubctxresolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

References

Affected packages

Debian:11 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-1+deb11u3

Affected versions

1.*

1.13.1-1
1.13.1-1+deb11u1
1.13.1-1+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.1-2
1.17.1-2+deb12u1
1.17.1-2+deb12u2
1.17.1-2+loong64
1.18.0-1
1.18.0-2
1.19.1-1
1.19.2-1
1.20.0-1
1.21.1-1
1.22.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.21.1-1

Affected versions

1.*

1.17.1-2
1.17.1-2+loong64
1.18.0-1
1.18.0-2
1.19.1-1
1.19.2-1
1.20.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}