CVE-2024-43167

Low

Description

A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

References

https://github.com/NLnetLabs/unbound/pull/1073/files

https://github.com/NLnetLabs/unbound/issues/1072

https://bugzilla.redhat.com/show_bug.cgi?id=2303456

https://access.redhat.com/security/cve/CVE-2024-43167

Details

Source: Mitre, NVD

Published: 2024-08-12

Updated: 2024-08-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 2.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Severity: Low