CVE-2024-43168

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Oct 21, 2024
CWE ID 122

Summary

CVE-2024-43168 is a reported heap-buffer-overflow vulnerability in Unbound's config_file.c, specifically in the cfg_mark_ports function. According to NLnet Labs, this issue does not pose a security risk, as it falls within the expected functionality and security controls of the application. However, Red Hat has issued a warning claiming that there is a potential security risk in their products related to this vulnerability. The flaw could allow an attacker with local access to provide malicious input, leading to memory corruption and potential arbitrary code execution, resulting in a denial of service or unauthorized system actions. It is recommended that affected Red Hat users consult Red Hat's documentation or support channels for further information.

Affected Products

  • NLnet Labs Unbound

Affected Vendors

  • NLnet Labs