CVE-2024-43167
CVSS 3.1 Score 2.8 of 10 (low)
Details
Summary
CVE-2024-43167 is a reported NULL pointer dereference vulnerability in the ub_ctx_set_fwd function of Unbound. However, NLnet Labs, the original software developer, asserts that this issue does not pose a security risk as it falls within the expected functionality and security controls of the application. Red Hat, on the other hand, contends that there is a potential security risk associated with this flaw in their products. The vulnerability occurs when certain API functions are called in a particular sequence, causing the program to attempt to read from a NULL pointer, resulting in a crash and potential denial of service. The specifics of Red Hat's claim are not yet clear.