ghsa-f34v-4q4f-pf5q
Vulnerability from github
Published
2024-08-12 15:30
Modified
2024-08-12 15:30
Severity
Details
A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.
{
"affected": [],
"aliases": [
"CVE-2024-43167"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-12T13:38:35Z",
"severity": "LOW"
},
"details": "A NULL pointer dereference flaw was found in the ub_ctx_set_fwd function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as ub_ctx_set_fwd and ub_ctx_resolvconf are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly.",
"id": "GHSA-f34v-4q4f-pf5q",
"modified": "2024-08-12T15:30:51Z",
"published": "2024-08-12T15:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43167"
},
{
"type": "WEB",
"url": "https://github.com/NLnetLabs/unbound/issues/1072"
},
{
"type": "WEB",
"url": "https://github.com/NLnetLabs/unbound/pull/1073/files"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-43167"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2303456"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
Loading...