Description

DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

INFO

Published Date :

2024-08-08T20:25:24.723Z

Last Modified :

2025-11-03T22:04:59.198Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43168 vulnerability.

Vendors Products
Redhat
  • Enterprise Linux
  • Openshift
  • Openstack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43168.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-43168 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2303462 cve-icon cve-icon
https://github.com/NLnetLabs/unbound/issues/1039 cve-icon cve-icon cve-icon
https://github.com/NLnetLabs/unbound/pull/1040/files cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/09/msg00046.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-43168 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-43168 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact