DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Mon, 21 Oct 2024 12:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 21 Oct 2024 11:30:00 +0000

Type Values Removed Values Added
Description A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there is a security risk within Red Hat products. NLnet Labs has no further information about the claim, and suggests that affected Red Hat customers refer to available Red Hat documentation or support channels. ORIGINAL DESCRIPTION: A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.

Fri, 16 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 09 Aug 2024 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 20:45:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
Title unbound: NULL Pointer Dereference in Unbound Unbound: null pointer dereference in unbound
First Time appeared Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openstack
CPEs cpe:/a:redhat:openshift:4
cpe:/a:redhat:openstack:16.2
cpe:/a:redhat:openstack:17.1
cpe:/a:redhat:openstack:18.0
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
Redhat openshift
Redhat openstack
References

Wed, 07 Aug 2024 17:15:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title unbound: NULL Pointer Dereference in Unbound
Weaknesses CWE-476
References
Metrics threat_severity

None

cvssV3_1

{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

threat_severity

Low


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-08-08T20:24:49.932Z

Updated: 2024-10-21T11:19:11.740Z

Reserved: 2024-08-07T13:02:00.798Z

Link: CVE-2024-43167

cve-icon Vulnrichment

Updated: 2024-08-16T20:02:53.862Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-12T13:38:35.927

Modified: 2024-11-21T09:35:06.587

Link: CVE-2024-43167

cve-icon Redhat

Severity : Low

Publid Date: 2024-08-07T02:00:00Z

Links: CVE-2024-43167 - Bugzilla