Home > Vulnerability Database > CVE-2024-43168

Mend.io Vulnerability Database

CVE-2024-43168

Good to know:

Date: August 8, 2024

A heap-buffer-overflow flaw was found in the cfg_mark_ports function within Unbound's config_file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system.

Language: C

Severity Score

4.8

Related Resources (6)

Url: https://github.com/NLnetLabs/unbound/issues/1039

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-43168

Url: https://access.redhat.com/security/cve/CVE-2024-43168

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2303462

Url: https://github.com/NLnetLabs/unbound/pull/1040/files

Url: https://www.mend.io/vulnerability-database/CVE-2024-43168

Severity Score

4.8

Weakness Type (CWE)

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version release-1.20.0

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-43168

Good to know:

Date: August 8, 2024

Language: C

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?