OESA-2024-2025
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-2025
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-2025.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-2025
- Upstream
- Published
- 2024-08-23T11:08:53Z
- Modified
- 2025-09-03T06:20:27.461967Z
- Summary
- unbound security update
- Details
-
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most platforms such as FreeBSD, OpenBSD, NetBSD, MacOS, Linux and Microsoft Windows. Unbound is a totally free, open source software under the BSD license. It doesn't make custom builds or provide specific features to paying customers only.
Security Fix(es):
A NULL pointer dereference flaw was found in the ubctxsetfwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ubctxsetfwd and ubctxresolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.(CVE-2024-43167)
A heap-buffer-overflow flaw was found in the cfgmarkports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.(CVE-2024-43168)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP4
unbound
Package
- Name
- unbound
- Purl
- pkg:rpm/openEuler/unbound&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11.0-13.oe2003sp4
Ecosystem specific
{
"src": [
"unbound-1.11.0-13.oe2003sp4.src.rpm"
],
"aarch64": [
"python3-unbound-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-debuginfo-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-debugsource-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-devel-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-help-1.11.0-13.oe2003sp4.aarch64.rpm",
"unbound-libs-1.11.0-13.oe2003sp4.aarch64.rpm"
],
"x86_64": [
"python3-unbound-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-debuginfo-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-debugsource-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-devel-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-help-1.11.0-13.oe2003sp4.x86_64.rpm",
"unbound-libs-1.11.0-13.oe2003sp4.x86_64.rpm"
]
}openEuler:22.03-LTS-SP1
unbound
Package
- Name
- unbound
- Purl
- pkg:rpm/openEuler/unbound&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.2-12.oe2203sp1
Ecosystem specific
{
"src": [
"unbound-1.13.2-12.oe2203sp1.src.rpm"
],
"aarch64": [
"python3-unbound-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-debuginfo-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-debugsource-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-devel-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-help-1.13.2-12.oe2203sp1.aarch64.rpm",
"unbound-libs-1.13.2-12.oe2203sp1.aarch64.rpm"
],
"x86_64": [
"python3-unbound-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-debuginfo-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-debugsource-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-devel-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-help-1.13.2-12.oe2203sp1.x86_64.rpm",
"unbound-libs-1.13.2-12.oe2203sp1.x86_64.rpm"
]
}openEuler:22.03-LTS-SP3
unbound
Package
- Name
- unbound
- Purl
- pkg:rpm/openEuler/unbound&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.2-13.oe2203sp3
Ecosystem specific
{
"src": [
"unbound-1.13.2-13.oe2203sp3.src.rpm"
],
"aarch64": [
"python3-unbound-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-anchor-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-debuginfo-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-debugsource-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-devel-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-help-1.13.2-13.oe2203sp3.aarch64.rpm",
"unbound-libs-1.13.2-13.oe2203sp3.aarch64.rpm"
],
"x86_64": [
"python3-unbound-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-anchor-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-debuginfo-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-debugsource-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-devel-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-help-1.13.2-13.oe2203sp3.x86_64.rpm",
"unbound-libs-1.13.2-13.oe2203sp3.x86_64.rpm"
]
}openEuler:22.03-LTS-SP4
unbound
Package
- Name
- unbound
- Purl
- pkg:rpm/openEuler/unbound&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.2-13.oe2203sp4
Ecosystem specific
{
"src": [
"unbound-1.13.2-13.oe2203sp4.src.rpm"
],
"aarch64": [
"python3-unbound-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-anchor-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-debuginfo-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-debugsource-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-devel-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-help-1.13.2-13.oe2203sp4.aarch64.rpm",
"unbound-libs-1.13.2-13.oe2203sp4.aarch64.rpm"
],
"x86_64": [
"python3-unbound-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-anchor-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-debuginfo-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-debugsource-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-devel-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-help-1.13.2-13.oe2203sp4.x86_64.rpm",
"unbound-libs-1.13.2-13.oe2203sp4.x86_64.rpm"
]
}openEuler:24.03-LTS
unbound
Package
- Name
- unbound
- Purl
- pkg:rpm/openEuler/unbound&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17.1-7.oe2403
Ecosystem specific
{
"src": [
"unbound-1.17.1-7.oe2403.src.rpm"
],
"aarch64": [
"python3-unbound-1.17.1-7.oe2403.aarch64.rpm",
"unbound-1.17.1-7.oe2403.aarch64.rpm",
"unbound-anchor-1.17.1-7.oe2403.aarch64.rpm",
"unbound-debuginfo-1.17.1-7.oe2403.aarch64.rpm",
"unbound-debugsource-1.17.1-7.oe2403.aarch64.rpm",
"unbound-devel-1.17.1-7.oe2403.aarch64.rpm",
"unbound-help-1.17.1-7.oe2403.aarch64.rpm",
"unbound-libs-1.17.1-7.oe2403.aarch64.rpm",
"unbound-utils-1.17.1-7.oe2403.aarch64.rpm"
],
"x86_64": [
"python3-unbound-1.17.1-7.oe2403.x86_64.rpm",
"unbound-1.17.1-7.oe2403.x86_64.rpm",
"unbound-anchor-1.17.1-7.oe2403.x86_64.rpm",
"unbound-debuginfo-1.17.1-7.oe2403.x86_64.rpm",
"unbound-debugsource-1.17.1-7.oe2403.x86_64.rpm",
"unbound-devel-1.17.1-7.oe2403.x86_64.rpm",
"unbound-help-1.17.1-7.oe2403.x86_64.rpm",
"unbound-libs-1.17.1-7.oe2403.x86_64.rpm",
"unbound-utils-1.17.1-7.oe2403.x86_64.rpm"
]
}