CVE-2024-43167

CVSS 3.1 Score 2.8 of 10 (low)

Details

Published Aug 12, 2024
Updated: Oct 21, 2024
CWE ID 476

Summary

CVE-2024-43167 is a reported NULL pointer dereference vulnerability in the ub_ctx_set_fwd function of Unbound. However, NLnet Labs, the original software developer, asserts that this issue does not pose a security risk as it falls within the expected functionality and security controls of the application. Red Hat, on the other hand, contends that there is a potential security risk associated with this flaw in their products. The vulnerability occurs when certain API functions are called in a particular sequence, causing the program to attempt to read from a NULL pointer, resulting in a crash and potential denial of service. The specifics of Red Hat's claim are not yet clear.
