U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-43167

Change History

CVE Source Update by NLnet Labs 10/21/2024 8:15:03 AM

Action Type Old Value New Value
Changed Source
Red Hat, Inc.
NLnet Labs

CVE Modified by NLnet Labs 10/21/2024 8:15:03 AM

Action Type Old Value New Value
Changed Description
A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
Added CVSS V3.1

								
							
							
						
NLnet Labs AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Removed CVSS V3.1
Red Hat, Inc. AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

								
						
Added CWE

								
							
							
						
NLnet Labs CWE-476
Removed CWE
Red Hat, Inc. CWE-476

								
						
Added Reference

								
							
							
						
NLnet Labs https://access.redhat.com/security/cve/CVE-2024-43167 [No types assigned]
Added Reference

								
							
							
						
NLnet Labs https://bugzilla.redhat.com/show_bug.cgi?id=2303456 [No types assigned]
Added Reference

								
							
							
						
NLnet Labs https://github.com/NLnetLabs/unbound/issues/1072 [No types assigned]
Added Reference

								
							
							
						
NLnet Labs https://github.com/NLnetLabs/unbound/pull/1073/files [No types assigned]
Removed Reference
Red Hat, Inc. https://access.redhat.com/security/cve/CVE-2024-43167

								
						
Removed Reference
Red Hat, Inc. https://bugzilla.redhat.com/show_bug.cgi?id=2303456

								
						
Removed Reference
Red Hat, Inc. https://github.com/NLnetLabs/unbound/issues/1072

								
						
Removed Reference
Red Hat, Inc. https://github.com/NLnetLabs/unbound/pull/1073/files