Bug 2303462 (CVE-2024-43168) - CVE-2024-43168 unbound: Heap-Buffer-Overflow in Unbound
Summary: CVE-2024-43168 unbound: Heap-Buffer-Overflow in Unbound
Keywords:
Status: NEW
Alias: CVE-2024-43168
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2303471 2303472 2303473 2303474
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-08-07 14:06 UTC by Abhishek Raj
Modified: 2024-10-04 10:36 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-buffer-overflow flaw in the cfg_mark_ports function within Unbound's config_file.c can lead to memory corruption. An attacker with local access can exploit this issue by providing specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github NLnetLabs unbound issues 1039 0 None closed a heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c 2024-10-04 10:32:47 UTC
Github NLnetLabs unbound pull 1040 0 None Merged fix heap-buffer-overflow issue in function cfg_mark_ports of file util/config_file.c 2024-10-04 10:32:47 UTC

Description Abhishek Raj 2024-08-07 14:06:29 UTC
Unbound version <= 1.19.3 contains a heap-buffer-overflow vulnerability. The flaw occurs in the cfg_mark_ports function within the config_file.c file, leading to potential memory corruption. This issue can be triggered when processing certain inputs, causing the application to crash or potentially allowing an attacker to execute arbitrary code.


Note You need to log in before you can comment on or make changes to this bug.