CVE-2024-43168

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-43168
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43168.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-43168
Related
Published
2024-08-12T13:38:36Z
Modified
2024-10-21T22:48:15.509812Z
Summary
[none]
Details

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfgmarkports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

References

Affected packages

Debian:11 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.13.1-1+deb11u3

Affected versions

1.*

1.13.1-1
1.13.1-1+deb11u1
1.13.1-1+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.17.1-2
1.17.1-2+deb12u1
1.17.1-2+deb12u2
1.17.1-2+loong64
1.18.0-1
1.18.0-2
1.19.1-1
1.19.2-1
1.20.0-1
1.21.1-1
1.22.0-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / unbound

Package

Name
unbound
Purl
pkg:deb/debian/unbound?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.0-1

Affected versions

1.*

1.17.1-2
1.17.1-2+loong64
1.18.0-1
1.18.0-2
1.19.1-1
1.19.2-1

Ecosystem specific

{
    "urgency": "unimportant"
}